Compare commits

...

42 Commits

Author SHA1 Message Date
d51f8fefaa roles/common: minor configuration of Debian 13 SSH
Tweak some of the new OpenSSH per-source penalty settings on Debian
13. For now only adjusting the source network masks and reusing the
list of IPs to exempt from fail2ban.

These being built in makes them easier to use, but I think I will
end up sticking with fail2ban for the heavy lifting because it per-
sists across restarts of the daemon, whereas OpenSSH's doesn't. I
will monitor OpenSSH on Debian 13 to see how to best use it along
side fail2ban.
2025-09-23 10:33:24 +03:00
9ff6e19135 roles/common: use 127.0.0.0/8 for fail2ban ignoreip
We can re-use our fail2ban ignoreip setting for Debian 13's OpenSSH
PerSourcePenaltyExemptList, but OpenSSH is more strict with regards
to masks not being applied to the host portion. I had never noticed
that fail2ban's default was applying the mask on the host portion!
2025-09-23 10:33:23 +03:00
4680999680 roles/common: sshd overrides for Debian 13 2025-09-23 10:33:23 +03:00
602734acce roles: update ansible.builtin.systemd builtin
Use ansible.builtin.systemd_service instead.
2025-09-23 10:33:11 +03:00
0db7911b70 roles/common: remove sudoers.d
We are not using this.
2025-09-21 23:09:40 +03:00
ee4c62e5f9 roles: remove tests for Debian
We only run on Debian now.
2025-09-21 22:20:31 +03:00
a315db8a7c roles/common: use ansible_distribution_version
In most cases it is enough to use the full version (ie 12.12) since
we use Ansible's version comparison function. We rarely need to use
the major version (ie 12) directly.
2025-09-21 22:19:00 +03:00
5f00892df3 roles/common: adjust when in tasks 2025-09-21 22:04:25 +03:00
9357265d27 roles/common: use ansible.builtin.apt module 2025-09-21 22:00:39 +03:00
dd62266340 roles/common: update comment in ntp task 2025-09-21 21:58:11 +03:00
a1bec20824 roles/common: simplify when logic in ntp task 2025-09-21 21:57:34 +03:00
8e91c44529 roles/common: fix syntax error in npt when 2025-09-21 21:56:15 +03:00
02d4135c79 roles/common: adjust ntp task
On Debian 12 we need to explicitly remove ntp because it does not
conflict with other time daemons.
2025-09-21 21:55:09 +03:00
37e148d009 Re-work ansible_managed
This is no longer a configuration setting. Now we must set it like
any other template variabled.
2025-09-21 21:15:12 +03:00
73dbbd23b6 roles/common: adjust handlers
Should start with an upper case letter.
2025-09-21 20:22:58 +03:00
b84283aa38 roles/common: remove unneeded firewall packages
We don't need curl or libnet-ip-perl anymore.
2025-09-21 20:15:11 +03:00
1695fdf8d1 roles/common: syntax in firewall play 2025-09-21 20:11:46 +03:00
9f1f7b1c69 roles/nginx: more syntax fixes to tasks 2025-09-21 20:08:51 +03:00
7d725f2084 roles/nginx: adjust task syntax
Tasks should start with an upper case letter and we should not use
free form syntax anymore.
2025-09-21 20:04:53 +03:00
4c39b0d48c roles/php_fpm: adjust task syntax
All tasks need names, and we can use name, tags, when, block order
for task keys. Suggested by ansible-lint.
2025-09-21 20:02:46 +03:00
f4023d0b20 roles/php_fpm: rename handler
Suggested by ansible-lint.
2025-09-21 19:59:23 +03:00
6aaface4a2 Rename roles/php-fpm to roles/php_fpm
Suggested by ansible-lint.
2025-09-21 19:56:20 +03:00
333e1cbeb9 roles/mariadb/handlers/main.yml: update syntax 2025-09-21 17:32:57 +03:00
0c62f4bdf0 roles/common/tasks/packages.yml: improve task key order
Suggested by ansible-lint. Makes it easier to see the tags after the
very long block.
2025-09-21 17:30:54 +03:00
26f22c0447 roles/munin: update task syntax 2025-09-21 17:29:22 +03:00
05881e2585 roles: fix unquoted octal modes 2025-09-21 17:25:22 +03:00
d4d326c2f7 roles/common: use FQCN in handler 2025-09-21 17:09:45 +03:00
1d4a6f208b roles/common: update default fail2ban ignores 2025-09-21 17:06:48 +03:00
8b22076d4a roles/common: json spacing 2025-09-21 17:06:01 +03:00
38176cb34c roles/nginx: update task syntax for plays 2025-09-21 16:59:08 +03:00
da737b71f7 roles/mariadb: update task syntax for mariadb play 2025-09-21 16:54:19 +03:00
c28189a1a5 roles/common: update task syntax for fail2ban play 2025-09-21 16:54:03 +03:00
b600141e89 roles/common: update task syntax for sshd play 2025-09-21 16:51:23 +03:00
4be98d1a33 roles/common: update task syntax for ssh-keys play 2025-09-21 16:49:32 +03:00
2bb018a40c roles/common: rename firewall and packages task files
Don't use firewall_Debian.yml or packages_Debian.yml since I am not
deploying Ubuntu anymore there is no need to distinguish.
2025-09-21 16:45:51 +03:00
89a1e11b7a roles/common: update task syntax in main play 2025-09-21 16:40:37 +03:00
0c0cad9084 Remove Ubuntu logic
For a few years now I have only been deploying Debian for personal
use.
2025-09-21 16:34:57 +03:00
9dce701a19 roles/common: update task syntax in packages play 2025-09-21 16:23:10 +03:00
3e9ee44d5b roles/common: update task syntax in ntp play 2025-09-21 16:18:32 +03:00
599b5e5e83 Pipfile.lock: run pipenv update 2025-09-21 15:57:28 +03:00
bc700ea532 Pipfile.lock: pipenv update 2025-08-17 10:28:23 +03:00
8016701b57 host_vars/web22: WordPress 6.8.2 2025-08-17 10:26:43 +03:00
46 changed files with 797 additions and 1004 deletions

690
Pipfile.lock generated
View File

@@ -18,37 +18,37 @@
"default": {
"ansible": {
"hashes": [
"sha256:caa56fc92e5bea012abf37f08aa348da27d2fcaf94bf398e24cadcb618a4dc3b",
"sha256:f9df37c71d407f65bcb9c5c06c9918e297d9ea74b5cdaf5926c4c9aa9e44db5f"
"sha256:1a17f8c593a973e6d81f10ebfe7eac53e799616f745d57b99bd36b34f79f16a2",
"sha256:1b3ad8158dd2597ce45a864a55ca09e5be1807cc97f44a00c39d7bb9e1520aa6"
],
"index": "pypi",
"markers": "python_version >= '3.11'",
"version": "==11.7.0"
"version": "==12.0.0"
},
"ansible-compat": {
"hashes": [
"sha256:c2b4bfeca6383b2047b2e1dea473cec4f1f9f2dd59beef71d6c47f632eaf97c9",
"sha256:cced722001bd7b617d418e54017e308c8b27ef3815f377843c00e020fa07165e"
"sha256:5bb843838414b75efff24dae5ff5b332cd503a596143d471980243cec4b46c9c",
"sha256:f29ab81264b3f04fb94ac2d7f68fe73efc2eb3cbe4ecf00f9b4742e77c41756f"
],
"markers": "python_version >= '3.10'",
"version": "==25.6.0"
"version": "==25.8.1"
},
"ansible-core": {
"hashes": [
"sha256:12a34749a7b20f0f1536bd3e3b2e137341867e4642e351273e96647161f595c0",
"sha256:25bb20ce1516a1b7307831b263cef684043b3720711466bd9d4164e5fd576557"
"sha256:1fe6ca533951b5ba4a619e763ea4f6725f68c36677c7d5aaa467b59aa449bdc8",
"sha256:87fcbbc492ed16eb6adb0379bae0adbf69f3ce88a8440e7e88e0dcefa9f8a54c"
],
"markers": "python_version >= '3.11'",
"version": "==2.18.6"
"version": "==2.19.2"
},
"ansible-lint": {
"hashes": [
"sha256:69fe294a3cc30d8819b5a30625a7e25225f48558cadb83ad3d4dec597c1b8c2c",
"sha256:6a1dd2b7a9f3f202c9e92a6c80296ff33ca863348c3acf978f80fb0d4536dce4"
"sha256:2d5a8a2b01c46966591a17769a129142181515aac19c27742ecb8c94e84bf692",
"sha256:b8fe138a1257c6e58a755febd726b3186820f6dcb23a5bb062538c939a7277bb"
],
"index": "pypi",
"markers": "python_version >= '3.10'",
"version": "==25.6.1"
"version": "==25.9.0"
},
"attrs": {
"hashes": [
@@ -60,31 +60,31 @@
},
"black": {
"hashes": [
"sha256:030b9759066a4ee5e5aca28c3c77f9c64789cdd4de8ac1df642c40b708be6171",
"sha256:055e59b198df7ac0b7efca5ad7ff2516bca343276c466be72eb04a3bcc1f82d7",
"sha256:0e519ecf93120f34243e6b0054db49c00a35f84f195d5bce7e9f5cfc578fc2da",
"sha256:172b1dbff09f86ce6f4eb8edf9dede08b1fce58ba194c87d7a4f1a5aa2f5b3c2",
"sha256:1e2978f6df243b155ef5fa7e558a43037c3079093ed5d10fd84c43900f2d8ecc",
"sha256:33496d5cd1222ad73391352b4ae8da15253c5de89b93a80b3e2c8d9a19ec2666",
"sha256:3b48735872ec535027d979e8dcb20bf4f70b5ac75a8ea99f127c106a7d7aba9f",
"sha256:4b60580e829091e6f9238c848ea6750efed72140b91b048770b64e74fe04908b",
"sha256:759e7ec1e050a15f89b770cefbf91ebee8917aac5c20483bc2d80a6c3a04df32",
"sha256:8f0b18a02996a836cc9c9c78e5babec10930862827b1b724ddfe98ccf2f2fe4f",
"sha256:95e8176dae143ba9097f351d174fdaf0ccd29efb414b362ae3fd72bf0f710717",
"sha256:96c1c7cd856bba8e20094e36e0f948718dc688dba4a9d78c3adde52b9e6c2299",
"sha256:a1ee0a0c330f7b5130ce0caed9936a904793576ef4d2b98c40835d6a65afa6a0",
"sha256:a22f402b410566e2d1c950708c77ebf5ebd5d0d88a6a2e87c86d9fb48afa0d18",
"sha256:a39337598244de4bae26475f77dda852ea00a93bd4c728e09eacd827ec929df0",
"sha256:afebb7098bfbc70037a053b91ae8437c3857482d3a690fefc03e9ff7aa9a5fd3",
"sha256:bacabb307dca5ebaf9c118d2d2f6903da0d62c9faa82bd21a33eecc319559355",
"sha256:bce2e264d59c91e52d8000d507eb20a9aca4a778731a08cfff7e5ac4a4bb7096",
"sha256:d9e6827d563a2c820772b32ce8a42828dc6790f095f441beef18f96aa6f8294e",
"sha256:db8ea9917d6f8fc62abd90d944920d95e73c83a5ee3383493e35d271aca872e9",
"sha256:ea0213189960bda9cf99be5b8c8ce66bb054af5e9e861249cd23471bd7b0b3ba",
"sha256:f3df5f1bf91d36002b0a75389ca8663510cf0531cca8aa5c1ef695b46d98655f"
"sha256:0172a012f725b792c358d57fe7b6b6e8e67375dd157f64fa7a3097b3ed3e2175",
"sha256:0474bca9a0dd1b51791fcc507a4e02078a1c63f6d4e4ae5544b9848c7adfb619",
"sha256:154b06d618233fe468236ba1f0e40823d4eb08b26f5e9261526fde34916b9140",
"sha256:1b9dc70c21ef8b43248f1d86aedd2aaf75ae110b958a7909ad8463c4aa0880b0",
"sha256:2ab0ce111ef026790e9b13bd216fa7bc48edd934ffc4cbf78808b235793cbc92",
"sha256:3bec74ee60f8dfef564b573a96b8930f7b6a538e846123d5ad77ba14a8d7a64f",
"sha256:456386fe87bad41b806d53c062e2974615825c7a52159cde7ccaeb0695fa28fa",
"sha256:474b34c1342cdc157d307b56c4c65bce916480c4a8f6551fdc6bf9b486a7c4ae",
"sha256:77e7060a00c5ec4b3367c55f39cf9b06e68965a4f2e61cecacd6d0d9b7ec945a",
"sha256:846d58e3ce7879ec1ffe816bb9df6d006cd9590515ed5d17db14e17666b2b357",
"sha256:8e46eecf65a095fa62e53245ae2795c90bdecabd53b50c448d0a8bcd0d2e74c4",
"sha256:9101ee58ddc2442199a25cb648d46ba22cd580b00ca4b44234a324e3ec7a0f7e",
"sha256:a16b14a44c1af60a210d8da28e108e13e75a284bf21a9afa6b4571f96ab8bb9d",
"sha256:aaf319612536d502fdd0e88ce52d8f1352b2c0a955cc2798f79eeca9d3af0608",
"sha256:b756fc75871cb1bcac5499552d771822fd9db5a2bb8db2a7247936ca48f39831",
"sha256:c0372a93e16b3954208417bfe448e09b0de5cc721d521866cd9e0acac3c04a1f",
"sha256:ce41ed2614b706fd55fd0b4a6909d06b5bab344ffbfadc6ef34ae50adba3d4f7",
"sha256:d119957b37cc641596063cd7db2656c5be3752ac17877017b2ffcdb9dfc4d2b1",
"sha256:e3c1f4cd5e93842774d9ee4ef6cd8d17790e65f44f7cdbaab5f2cf8ccf22a823",
"sha256:e593466de7b998374ea2585a471ba90553283fb9beefcfa430d84a2651ed5933",
"sha256:ef69351df3c84485a8beb6f7b8f9721e2009e20ef80a8d619e2d1788b7816d47",
"sha256:f96b6726d690c96c60ba682955199f8c39abc1ae0c3a494a9c62c0184049a713"
],
"markers": "python_version >= '3.9'",
"version": "==25.1.0"
"version": "==25.9.0"
},
"bracex": {
"hashes": [
@@ -96,135 +96,177 @@
},
"cffi": {
"hashes": [
"sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8",
"sha256:0984a4925a435b1da406122d4d7968dd861c1385afe3b45ba82b750f229811e2",
"sha256:0e2b1fac190ae3ebfe37b979cc1ce69c81f4e4fe5746bb401dca63a9062cdaf1",
"sha256:0f048dcf80db46f0098ccac01132761580d28e28bc0f78ae0d58048063317e15",
"sha256:1257bdabf294dceb59f5e70c64a3e2f462c30c7ad68092d01bbbfb1c16b1ba36",
"sha256:1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824",
"sha256:1d599671f396c4723d016dbddb72fe8e0397082b0a77a4fab8028923bec050e8",
"sha256:28b16024becceed8c6dfbc75629e27788d8a3f9030691a1dbf9821a128b22c36",
"sha256:2bb1a08b8008b281856e5971307cc386a8e9c5b625ac297e853d36da6efe9c17",
"sha256:30c5e0cb5ae493c04c8b42916e52ca38079f1b235c2f8ae5f4527b963c401caf",
"sha256:31000ec67d4221a71bd3f67df918b1f88f676f1c3b535a7eb473255fdc0b83fc",
"sha256:386c8bf53c502fff58903061338ce4f4950cbdcb23e2902d86c0f722b786bbe3",
"sha256:3edc8d958eb099c634dace3c7e16560ae474aa3803a5df240542b305d14e14ed",
"sha256:45398b671ac6d70e67da8e4224a065cec6a93541bb7aebe1b198a61b58c7b702",
"sha256:46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1",
"sha256:4ceb10419a9adf4460ea14cfd6bc43d08701f0835e979bf821052f1805850fe8",
"sha256:51392eae71afec0d0c8fb1a53b204dbb3bcabcb3c9b807eedf3e1e6ccf2de903",
"sha256:5da5719280082ac6bd9aa7becb3938dc9f9cbd57fac7d2871717b1feb0902ab6",
"sha256:610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d",
"sha256:636062ea65bd0195bc012fea9321aca499c0504409f413dc88af450b57ffd03b",
"sha256:6883e737d7d9e4899a8a695e00ec36bd4e5e4f18fabe0aca0efe0a4b44cdb13e",
"sha256:6b8b4a92e1c65048ff98cfe1f735ef8f1ceb72e3d5f0c25fdb12087a23da22be",
"sha256:6f17be4345073b0a7b8ea599688f692ac3ef23ce28e5df79c04de519dbc4912c",
"sha256:706510fe141c86a69c8ddc029c7910003a17353970cff3b904ff0686a5927683",
"sha256:72e72408cad3d5419375fc87d289076ee319835bdfa2caad331e377589aebba9",
"sha256:733e99bc2df47476e3848417c5a4540522f234dfd4ef3ab7fafdf555b082ec0c",
"sha256:7596d6620d3fa590f677e9ee430df2958d2d6d6de2feeae5b20e82c00b76fbf8",
"sha256:78122be759c3f8a014ce010908ae03364d00a1f81ab5c7f4a7a5120607ea56e1",
"sha256:805b4371bf7197c329fcb3ead37e710d1bca9da5d583f5073b799d5c5bd1eee4",
"sha256:85a950a4ac9c359340d5963966e3e0a94a676bd6245a4b55bc43949eee26a655",
"sha256:8f2cdc858323644ab277e9bb925ad72ae0e67f69e804f4898c070998d50b1a67",
"sha256:9755e4345d1ec879e3849e62222a18c7174d65a6a92d5b346b1863912168b595",
"sha256:98e3969bcff97cae1b2def8ba499ea3d6f31ddfdb7635374834cf89a1a08ecf0",
"sha256:a08d7e755f8ed21095a310a693525137cfe756ce62d066e53f502a83dc550f65",
"sha256:a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41",
"sha256:a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6",
"sha256:a45e3c6913c5b87b3ff120dcdc03f6131fa0065027d0ed7ee6190736a74cd401",
"sha256:a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6",
"sha256:ad9413ccdeda48c5afdae7e4fa2192157e991ff761e7ab8fdd8926f40b160cc3",
"sha256:b2ab587605f4ba0bf81dc0cb08a41bd1c0a5906bd59243d56bad7668a6fc6c16",
"sha256:b62ce867176a75d03a665bad002af8e6d54644fad99a3c70905c543130e39d93",
"sha256:c03e868a0b3bc35839ba98e74211ed2b05d2119be4e8a0f224fba9384f1fe02e",
"sha256:c59d6e989d07460165cc5ad3c61f9fd8f1b4796eacbd81cee78957842b834af4",
"sha256:c7eac2ef9b63c79431bc4b25f1cd649d7f061a28808cbc6c47b534bd789ef964",
"sha256:c9c3d058ebabb74db66e431095118094d06abf53284d9c81f27300d0e0d8bc7c",
"sha256:ca74b8dbe6e8e8263c0ffd60277de77dcee6c837a3d0881d8c1ead7268c9e576",
"sha256:caaf0640ef5f5517f49bc275eca1406b0ffa6aa184892812030f04c2abf589a0",
"sha256:cdf5ce3acdfd1661132f2a9c19cac174758dc2352bfe37d98aa7512c6b7178b3",
"sha256:d016c76bdd850f3c626af19b0542c9677ba156e4ee4fccfdd7848803533ef662",
"sha256:d01b12eeeb4427d3110de311e1774046ad344f5b1a7403101878976ecd7a10f3",
"sha256:d63afe322132c194cf832bfec0dc69a99fb9bb6bbd550f161a49e9e855cc78ff",
"sha256:da95af8214998d77a98cc14e3a3bd00aa191526343078b530ceb0bd710fb48a5",
"sha256:dd398dbc6773384a17fe0d3e7eeb8d1a21c2200473ee6806bb5e6a8e62bb73dd",
"sha256:de2ea4b5833625383e464549fec1bc395c1bdeeb5f25c4a3a82b5a8c756ec22f",
"sha256:de55b766c7aa2e2a3092c51e0483d700341182f08e67c63630d5b6f200bb28e5",
"sha256:df8b1c11f177bc2313ec4b2d46baec87a5f3e71fc8b45dab2ee7cae86d9aba14",
"sha256:e03eab0a8677fa80d646b5ddece1cbeaf556c313dcfac435ba11f107ba117b5d",
"sha256:e221cf152cff04059d011ee126477f0d9588303eb57e88923578ace7baad17f9",
"sha256:e31ae45bc2e29f6b2abd0de1cc3b9d5205aa847cafaecb8af1476a609a2f6eb7",
"sha256:edae79245293e15384b51f88b00613ba9f7198016a5948b5dddf4917d4d26382",
"sha256:f1e22e8c4419538cb197e4dd60acc919d7696e5ef98ee4da4e01d3f8cfa4cc5a",
"sha256:f3a2b4222ce6b60e2e8b337bb9596923045681d71e5a082783484d845390938e",
"sha256:f6a16c31041f09ead72d69f583767292f750d24913dadacf5756b966aacb3f1a",
"sha256:f75c7ab1f9e4aca5414ed4d8e5c0e303a34f4421f8a0d47a4d019ceff0ab6af4",
"sha256:f79fc4fc25f1c8698ff97788206bb3c2598949bfe0fef03d299eb1b5356ada99",
"sha256:f7f5baafcc48261359e14bcd6d9bff6d4b28d9103847c9e136694cb0501aef87",
"sha256:fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b"
"sha256:00bdf7acc5f795150faa6957054fbbca2439db2f775ce831222b66f192f03beb",
"sha256:07b271772c100085dd28b74fa0cd81c8fb1a3ba18b21e03d7c27f3436a10606b",
"sha256:087067fa8953339c723661eda6b54bc98c5625757ea62e95eb4898ad5e776e9f",
"sha256:0a1527a803f0a659de1af2e1fd700213caba79377e27e4693648c2923da066f9",
"sha256:0cf2d91ecc3fcc0625c2c530fe004f82c110405f101548512cce44322fa8ac44",
"sha256:0f6084a0ea23d05d20c3edcda20c3d006f9b6f3fefeac38f59262e10cef47ee2",
"sha256:12873ca6cb9b0f0d3a0da705d6086fe911591737a59f28b7936bdfed27c0d47c",
"sha256:19f705ada2530c1167abacb171925dd886168931e0a7b78f5bffcae5c6b5be75",
"sha256:1cd13c99ce269b3ed80b417dcd591415d3372bcac067009b6e0f59c7d4015e65",
"sha256:1e3a615586f05fc4065a8b22b8152f0c1b00cdbc60596d187c2a74f9e3036e4e",
"sha256:1f72fb8906754ac8a2cc3f9f5aaa298070652a0ffae577e0ea9bd480dc3c931a",
"sha256:1fc9ea04857caf665289b7a75923f2c6ed559b8298a1b8c49e59f7dd95c8481e",
"sha256:203a48d1fb583fc7d78a4c6655692963b860a417c0528492a6bc21f1aaefab25",
"sha256:2081580ebb843f759b9f617314a24ed5738c51d2aee65d31e02f6f7a2b97707a",
"sha256:21d1152871b019407d8ac3985f6775c079416c282e431a4da6afe7aefd2bccbe",
"sha256:24b6f81f1983e6df8db3adc38562c83f7d4a0c36162885ec7f7b77c7dcbec97b",
"sha256:256f80b80ca3853f90c21b23ee78cd008713787b1b1e93eae9f3d6a7134abd91",
"sha256:28a3a209b96630bca57cce802da70c266eb08c6e97e5afd61a75611ee6c64592",
"sha256:2c8f814d84194c9ea681642fd164267891702542f028a15fc97d4674b6206187",
"sha256:2de9a304e27f7596cd03d16f1b7c72219bd944e99cc52b84d0145aefb07cbd3c",
"sha256:38100abb9d1b1435bc4cc340bb4489635dc2f0da7456590877030c9b3d40b0c1",
"sha256:3925dd22fa2b7699ed2617149842d2e6adde22b262fcbfada50e3d195e4b3a94",
"sha256:3e17ed538242334bf70832644a32a7aae3d83b57567f9fd60a26257e992b79ba",
"sha256:3e837e369566884707ddaf85fc1744b47575005c0a229de3327f8f9a20f4efeb",
"sha256:3f4d46d8b35698056ec29bca21546e1551a205058ae1a181d871e278b0b28165",
"sha256:44d1b5909021139fe36001ae048dbdde8214afa20200eda0f64c068cac5d5529",
"sha256:45d5e886156860dc35862657e1494b9bae8dfa63bf56796f2fb56e1679fc0bca",
"sha256:4647afc2f90d1ddd33441e5b0e85b16b12ddec4fca55f0d9671fef036ecca27c",
"sha256:4671d9dd5ec934cb9a73e7ee9676f9362aba54f7f34910956b84d727b0d73fb6",
"sha256:53f77cbe57044e88bbd5ed26ac1d0514d2acf0591dd6bb02a3ae37f76811b80c",
"sha256:5eda85d6d1879e692d546a078b44251cdd08dd1cfb98dfb77b670c97cee49ea0",
"sha256:5fed36fccc0612a53f1d4d9a816b50a36702c28a2aa880cb8a122b3466638743",
"sha256:61d028e90346df14fedc3d1e5441df818d095f3b87d286825dfcbd6459b7ef63",
"sha256:66f011380d0e49ed280c789fbd08ff0d40968ee7b665575489afa95c98196ab5",
"sha256:6824f87845e3396029f3820c206e459ccc91760e8fa24422f8b0c3d1731cbec5",
"sha256:6c6c373cfc5c83a975506110d17457138c8c63016b563cc9ed6e056a82f13ce4",
"sha256:6d02d6655b0e54f54c4ef0b94eb6be0607b70853c45ce98bd278dc7de718be5d",
"sha256:6d50360be4546678fc1b79ffe7a66265e28667840010348dd69a314145807a1b",
"sha256:730cacb21e1bdff3ce90babf007d0a0917cc3e6492f336c2f0134101e0944f93",
"sha256:737fe7d37e1a1bffe70bd5754ea763a62a066dc5913ca57e957824b72a85e205",
"sha256:74a03b9698e198d47562765773b4a8309919089150a0bb17d829ad7b44b60d27",
"sha256:7553fb2090d71822f02c629afe6042c299edf91ba1bf94951165613553984512",
"sha256:7a66c7204d8869299919db4d5069a82f1561581af12b11b3c9f48c584eb8743d",
"sha256:7cc09976e8b56f8cebd752f7113ad07752461f48a58cbba644139015ac24954c",
"sha256:81afed14892743bbe14dacb9e36d9e0e504cd204e0b165062c488942b9718037",
"sha256:8941aaadaf67246224cee8c3803777eed332a19d909b47e29c9842ef1e79ac26",
"sha256:89472c9762729b5ae1ad974b777416bfda4ac5642423fa93bd57a09204712322",
"sha256:8ea985900c5c95ce9db1745f7933eeef5d314f0565b27625d9a10ec9881e1bfb",
"sha256:8eca2a813c1cb7ad4fb74d368c2ffbbb4789d377ee5bb8df98373c2cc0dee76c",
"sha256:92b68146a71df78564e4ef48af17551a5ddd142e5190cdf2c5624d0c3ff5b2e8",
"sha256:9332088d75dc3241c702d852d4671613136d90fa6881da7d770a483fd05248b4",
"sha256:94698a9c5f91f9d138526b48fe26a199609544591f859c870d477351dc7b2414",
"sha256:9a67fc9e8eb39039280526379fb3a70023d77caec1852002b4da7e8b270c4dd9",
"sha256:9de40a7b0323d889cf8d23d1ef214f565ab154443c42737dfe52ff82cf857664",
"sha256:a05d0c237b3349096d3981b727493e22147f934b20f6f125a3eba8f994bec4a9",
"sha256:afb8db5439b81cf9c9d0c80404b60c3cc9c3add93e114dcae767f1477cb53775",
"sha256:b18a3ed7d5b3bd8d9ef7a8cb226502c6bf8308df1525e1cc676c3680e7176739",
"sha256:b1e74d11748e7e98e2f426ab176d4ed720a64412b6a15054378afdb71e0f37dc",
"sha256:b21e08af67b8a103c71a250401c78d5e0893beff75e28c53c98f4de42f774062",
"sha256:b4c854ef3adc177950a8dfc81a86f5115d2abd545751a304c5bcf2c2c7283cfe",
"sha256:b882b3df248017dba09d6b16defe9b5c407fe32fc7c65a9c69798e6175601be9",
"sha256:baf5215e0ab74c16e2dd324e8ec067ef59e41125d3eade2b863d294fd5035c92",
"sha256:c649e3a33450ec82378822b3dad03cc228b8f5963c0c12fc3b1e0ab940f768a5",
"sha256:c654de545946e0db659b3400168c9ad31b5d29593291482c43e3564effbcee13",
"sha256:c6638687455baf640e37344fe26d37c404db8b80d037c3d29f58fe8d1c3b194d",
"sha256:c8d3b5532fc71b7a77c09192b4a5a200ea992702734a2e9279a37f2478236f26",
"sha256:cb527a79772e5ef98fb1d700678fe031e353e765d1ca2d409c92263c6d43e09f",
"sha256:cf364028c016c03078a23b503f02058f1814320a56ad535686f90565636a9495",
"sha256:d48a880098c96020b02d5a1f7d9251308510ce8858940e6fa99ece33f610838b",
"sha256:d68b6cef7827e8641e8ef16f4494edda8b36104d79773a334beaa1e3521430f6",
"sha256:d9b29c1f0ae438d5ee9acb31cadee00a58c46cc9c0b2f9038c6b0b3470877a8c",
"sha256:d9b97165e8aed9272a6bb17c01e3cc5871a594a446ebedc996e2397a1c1ea8ef",
"sha256:da68248800ad6320861f129cd9c1bf96ca849a2771a59e0344e88681905916f5",
"sha256:da902562c3e9c550df360bfa53c035b2f241fed6d9aef119048073680ace4a18",
"sha256:dbd5c7a25a7cb98f5ca55d258b103a2054f859a46ae11aaf23134f9cc0d356ad",
"sha256:dd4f05f54a52fb558f1ba9f528228066954fee3ebe629fc1660d874d040ae5a3",
"sha256:de8dad4425a6ca6e4e5e297b27b5c824ecc7581910bf9aee86cb6835e6812aa7",
"sha256:e11e82b744887154b182fd3e7e8512418446501191994dbf9c9fc1f32cc8efd5",
"sha256:e6e73b9e02893c764e7e8d5bb5ce277f1a009cd5243f8228f75f842bf937c534",
"sha256:f73b96c41e3b2adedc34a7356e64c8eb96e03a3782b535e043a986276ce12a49",
"sha256:f93fd8e5c8c0a4aa1f424d6173f14a892044054871c771f8566e4008eaa359d2",
"sha256:fc33c5141b55ed366cfaad382df24fe7dcbc686de5be719b207bb248e3053dc5",
"sha256:fc7de24befaeae77ba923797c7c87834c73648a05a4bde34b3b7e5588973a453",
"sha256:fe562eb1a64e67dd297ccc4f5addea2501664954f2692b69a76449ec7913ecbf"
],
"markers": "python_version >= '3.8'",
"version": "==1.17.1"
"markers": "python_version >= '3.9'",
"version": "==2.0.0"
},
"click": {
"hashes": [
"sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202",
"sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b"
"sha256:9b9f285302c6e3064f4330c05f05b81945b2a39544279343e6e7c5f27a9baddc",
"sha256:e7b8232224eba16f4ebe410c25ced9f7875cb5f3263ffc93cc3e8da705e229c4"
],
"markers": "python_version >= '3.10'",
"version": "==8.2.1"
"version": "==8.3.0"
},
"cryptography": {
"hashes": [
"sha256:0027d566d65a38497bc37e0dd7c2f8ceda73597d2ac9ba93810204f56f52ebc7",
"sha256:101ee65078f6dd3e5a028d4f19c07ffa4dd22cce6a20eaa160f8b5219911e7d8",
"sha256:12e55281d993a793b0e883066f590c1ae1e802e3acb67f8b442e721e475e6463",
"sha256:14d96584701a887763384f3c47f0ca7c1cce322aa1c31172680eb596b890ec30",
"sha256:1e1da5accc0c750056c556a93c3e9cb828970206c68867712ca5805e46dc806f",
"sha256:206210d03c1193f4e1ff681d22885181d47efa1ab3018766a7b32a7b3d6e6afd",
"sha256:2089cc8f70a6e454601525e5bf2779e665d7865af002a5dec8d14e561002e135",
"sha256:3a264aae5f7fbb089dbc01e0242d3b67dffe3e6292e1f5182122bdf58e65215d",
"sha256:3af26738f2db354aafe492fb3869e955b12b2ef2e16908c8b9cb928128d42c57",
"sha256:3fcfbefc4a7f332dece7272a88e410f611e79458fab97b5efe14e54fe476f4fd",
"sha256:460f8c39ba66af7db0545a8c6f2eabcbc5a5528fc1cf6c3fa9a1e44cec33385e",
"sha256:57c816dfbd1659a367831baca4b775b2a5b43c003daf52e9d57e1d30bc2e1b0e",
"sha256:5aa1e32983d4443e310f726ee4b071ab7569f58eedfdd65e9675484a4eb67bd1",
"sha256:6ff8728d8d890b3dda5765276d1bc6fb099252915a2cd3aff960c4c195745dd0",
"sha256:7259038202a47fdecee7e62e0fd0b0738b6daa335354396c6ddebdbe1206af2a",
"sha256:72e76caa004ab63accdf26023fccd1d087f6d90ec6048ff33ad0445abf7f605a",
"sha256:7760c1c2e1a7084153a0f68fab76e754083b126a47d0117c9ed15e69e2103492",
"sha256:8c4a6ff8a30e9e3d38ac0539e9a9e02540ab3f827a3394f8852432f6b0ea152e",
"sha256:9024beb59aca9d31d36fcdc1604dd9bbeed0a55bface9f1908df19178e2f116e",
"sha256:90cb0a7bb35959f37e23303b7eed0a32280510030daba3f7fdfbb65defde6a97",
"sha256:91098f02ca81579c85f66df8a588c78f331ca19089763d733e34ad359f474174",
"sha256:926c3ea71a6043921050eaa639137e13dbe7b4ab25800932a8498364fc1abec9",
"sha256:982518cd64c54fcada9d7e5cf28eabd3ee76bd03ab18e08a48cad7e8b6f31b18",
"sha256:9b4cf6318915dccfe218e69bbec417fdd7c7185aa7aab139a2c0beb7468c89f0",
"sha256:ad0caded895a00261a5b4aa9af828baede54638754b51955a0ac75576b831b27",
"sha256:b85980d1e345fe769cfc57c57db2b59cff5464ee0c045d52c0df087e926fbe63",
"sha256:b8fa8b0a35a9982a3c60ec79905ba5bb090fc0b9addcfd3dc2dd04267e45f25e",
"sha256:b9e38e0a83cd51e07f5a48ff9691cae95a79bea28fe4ded168a8e5c6c77e819d",
"sha256:bd4c45986472694e5121084c6ebbd112aa919a25e783b87eb95953c9573906d6",
"sha256:be97d3a19c16a9be00edf79dca949c8fa7eff621763666a145f9f9535a5d7f42",
"sha256:c648025b6840fe62e57107e0a25f604db740e728bd67da4f6f060f03017d5097",
"sha256:d05a38884db2ba215218745f0781775806bde4f32e07b135348355fe8e4991d9",
"sha256:dd420e577921c8c2d31289536c386aaa30140b473835e97f83bc71ea9d2baf2d",
"sha256:e357286c1b76403dd384d938f93c46b2b058ed4dfcdce64a770f0537ed3feb6f",
"sha256:e6c00130ed423201c5bc5544c23359141660b07999ad82e34e7bb8f882bb78e0",
"sha256:e74d30ec9c7cb2f404af331d5b4099a9b322a8a6b25c4632755c8757345baac5",
"sha256:f3562c2f23c612f2e4a6964a61d942f891d29ee320edb62ff48ffb99f3de9ae8"
"sha256:0a17377fa52563d730248ba1f68185461fff36e8bc75d8787a7dd2e20a802b7a",
"sha256:0ca4be2af48c24df689a150d9cd37404f689e2968e247b6b8ff09bff5bcd786f",
"sha256:0d1922d9280e08cde90b518a10cd66831f632960a8d08cb3418922d83fce6f12",
"sha256:0dfb7c88d4462a0cfdd0d87a3c245a7bc3feb59de101f6ff88194f740f72eda6",
"sha256:0ff483716be32690c14636e54a1f6e2e1b7bf8e22ca50b989f88fa1b2d287080",
"sha256:13e67c4d3fb8b6bc4ef778a7ccdd8df4cd15b4bcc18f4239c8440891a11245cc",
"sha256:15b5fd9358803b0d1cc42505a18d8bca81dabb35b5cfbfea1505092e13a9d96d",
"sha256:1cd6d50c1a8b79af1a6f703709d8973845f677c8e97b1268f5ff323d38ce8475",
"sha256:2dd339ba3345b908fa3141ddba4025568fa6fd398eabce3ef72a29ac2d73ad75",
"sha256:341fb7a26bc9d6093c1b124b9f13acc283d2d51da440b98b55ab3f79f2522ead",
"sha256:34f04b7311174469ab3ac2647469743720f8b6c8b046f238e5cb27905695eb2a",
"sha256:41c281a74df173876da1dc9a9b6953d387f06e3d3ed9284e3baae3ab3f40883a",
"sha256:449ef2b321bec7d97ef2c944173275ebdab78f3abdd005400cc409e27cd159ab",
"sha256:45f790934ac1018adeba46a0f7289b2b8fe76ba774a88c7f1922213a56c98bc1",
"sha256:48948940d0ae00483e85e9154bb42997d0b77c21e43a77b7773c8c80de532ac5",
"sha256:4c49eda9a23019e11d32a0eb51a27b3e7ddedde91e099c0ac6373e3aacc0d2ee",
"sha256:504e464944f2c003a0785b81668fe23c06f3b037e9cb9f68a7c672246319f277",
"sha256:534b96c0831855e29fc3b069b085fd185aa5353033631a585d5cd4dd5d40d657",
"sha256:6ef1488967e729948d424d09c94753d0167ce59afba8d0f6c07a22b629c557b2",
"sha256:7176a5ab56fac98d706921f6416a05e5aff7df0e4b91516f450f8627cda22af3",
"sha256:7411c910fb2a412053cf33cfad0153ee20d27e256c6c3f14d7d7d1d9fec59fd5",
"sha256:757af4f6341ce7a1e47c326ca2a81f41d236070217e5fbbad61bbfe299d55d28",
"sha256:7823bc7cdf0b747ecfb096d004cc41573c2f5c7e3a29861603a2871b43d3ef32",
"sha256:7fab1187b6c6b2f11a326f33b036f7168f5b996aedd0c059f9738915e4e8f53a",
"sha256:84ef1f145de5aee82ea2447224dc23f065ff4cc5791bb3b506615957a6ba8128",
"sha256:92e8cfe8bd7dd86eac0a677499894862cd5cc2fd74de917daa881d00871ac8e7",
"sha256:9394c7d5a7565ac5f7d9ba38b2617448eba384d7b107b262d63890079fad77ca",
"sha256:9495d78f52c804b5ec8878b5b8c7873aa8e63db9cd9ee387ff2db3fffe4df784",
"sha256:9873bf7c1f2a6330bdfe8621e7ce64b725784f9f0c3a6a55c3047af5849f920e",
"sha256:9babb7818fdd71394e576cf26c5452df77a355eac1a27ddfa24096665a27f8fd",
"sha256:9e8776dac9e660c22241b6587fae51a67b4b0147daa4d176b172c3ff768ad736",
"sha256:9ed64e5083fa806709e74fc5ea067dfef9090e5b7a2320a49be3c9df3583a2d8",
"sha256:9f2c4cc63be3ef43c0221861177cee5d14b505cd4d4599a89e2cd273c4d3542a",
"sha256:9f40642a140c0c8649987027867242b801486865277cbabc8c6059ddef16dc8b",
"sha256:af84e8e99f1a82cea149e253014ea9dc89f75b82c87bb6c7242203186f465129",
"sha256:b9c79af2c3058430d911ff1a5b2b96bbfe8da47d5ed961639ce4681886614e70",
"sha256:c52fded6383f7e20eaf70a60aeddd796b3677c3ad2922c801be330db62778e05",
"sha256:cbb8e769d4cac884bb28e3ff620ef1001b75588a5c83c9c9f1fdc9afbe7f29b0",
"sha256:d84c40bdb8674c29fa192373498b6cb1e84f882889d21a471b45d1f868d8d44b",
"sha256:db5597a4c7353b2e5fb05a8e6cb74b56a4658a2b7bf3cb6b1821ae7e7fd6eaa0",
"sha256:e22801b61613ebdebf7deb18b507919e107547a1d39a3b57f5f855032dd7cfb8",
"sha256:e34da95e29daf8a71cb2841fd55df0511539a6cdf33e6f77c1e95e44006b9b46",
"sha256:e46710a240a41d594953012213ea8ca398cd2448fbc5d0f1be8160b5511104a0",
"sha256:e94eb5fa32a8a9f9bf991f424f002913e3dd7c699ef552db9b14ba6a76a6313b",
"sha256:ec13b7105117dbc9afd023300fb9954d72ca855c274fe563e72428ece10191c0",
"sha256:ed570874e88f213437f5cf758f9ef26cbfc3f336d889b1e592ee11283bb8d1c7",
"sha256:ed957044e368ed295257ae3d212b95456bd9756df490e1ac4538857f67531fcc",
"sha256:ef648d2c690703501714588b2ba640facd50fd16548133b11b2859e8655a69da",
"sha256:efc9e51c3e595267ff84adf56e9b357db89ab2279d7e375ffcaf8f678606f3d9",
"sha256:f736ab8036796f5a119ff8211deda416f8c15ce03776db704a7a4e17381cb2ef",
"sha256:f7a24ea78de345cfa7f6a8d3bde8b242c7fac27f2bd78fa23474ca38dfaeeab9",
"sha256:f7de12fa0eee6234de9a9ce0ffcfa6ce97361db7a50b09b65c63ac58e5f22fc7",
"sha256:f9b55038b5c6c47559aa33626d8ecd092f354e23de3c6975e4bb205df128a2a0",
"sha256:fd4b5e2ee4e60425711ec65c33add4e7a626adef79d66f62ba0acfd493af282d"
],
"markers": "python_version >= '3.7' and python_full_version not in '3.9.0, 3.9.1'",
"version": "==45.0.5"
"markers": "python_version >= '3.8' and python_full_version not in '3.9.0, 3.9.1'",
"version": "==46.0.1"
},
"distro": {
"hashes": [
"sha256:2fa77c6fd8940f116ee1d6b94a2f90b13b5ea8d019b98bc8bafdcabcdd9bdbed",
"sha256:7bffd925d65168f85027d8da9af6bddab658135b840670a223589bc0c8ef02b2"
],
"markers": "python_version >= '3.6'",
"version": "==1.9.0"
},
"filelock": {
"hashes": [
"sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
"sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
"sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58",
"sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d"
],
"markers": "python_version >= '3.9'",
"version": "==3.18.0"
"version": "==3.19.1"
},
"importlib-metadata": {
"hashes": [
@@ -244,19 +286,19 @@
},
"jsonschema": {
"hashes": [
"sha256:0b4e8069eb12aedfa881333004bccaec24ecef5a8a6a4b6df142b2cc9599d196",
"sha256:a462455f19f5faf404a7902952b6f0e3ce868f3ee09a359b05eca6673bd8412d"
"sha256:3fba0169e345c7175110351d456342c364814cfcf3b964ba4587f22915230a63",
"sha256:e4a9655ce0da0c0b67a085847e00a3a51449e1157f4f75e9fb5aa545e122eb85"
],
"markers": "python_version >= '3.9'",
"version": "==4.24.0"
"version": "==4.25.1"
},
"jsonschema-specifications": {
"hashes": [
"sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af",
"sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608"
"sha256:98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe",
"sha256:b540987f239e745613c7a9176f3edb72b832a4ac465cf02712288397832b5e8d"
],
"markers": "python_version >= '3.9'",
"version": "==2025.4.1"
"version": "==2025.9.1"
},
"markupsafe": {
"hashes": [
@@ -351,19 +393,27 @@
},
"platformdirs": {
"hashes": [
"sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc",
"sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4"
"sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85",
"sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf"
],
"markers": "python_version >= '3.9'",
"version": "==4.3.8"
"version": "==4.4.0"
},
"pycparser": {
"hashes": [
"sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6",
"sha256:c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc"
"sha256:78816d4f24add8f10a06d6f05b4d424ad9e96cfebf68a4ddc99c65c0720d00c2",
"sha256:e5c6e8d3fbad53479cab09ac03729e0a9faf2bee3db8208a550daf5af81a5934"
],
"markers": "python_version >= '3.8'",
"version": "==2.22"
"version": "==2.23"
},
"pytokens": {
"hashes": [
"sha256:c9a4bfa0be1d26aebce03e6884ba454e842f186a59ea43a6d3b25af58223c044",
"sha256:db7b72284e480e69fb085d9f251f66b3d2df8b7166059261258ff35f50fb711b"
],
"markers": "python_version >= '3.8'",
"version": "==0.1.10"
},
"pyyaml": {
"hashes": [
@@ -434,170 +484,182 @@
},
"resolvelib": {
"hashes": [
"sha256:04ce76cbd63fded2078ce224785da6ecd42b9564b1390793f64ddecbe997b309",
"sha256:d2da45d1a8dfee81bdd591647783e340ef3bcb104b54c383f70d422ef5cc7dbf"
"sha256:8e3e2000beaf53fdfd8772fda1a7b1df97e803ab7c8925621bbb87c4d187a94d",
"sha256:c27fbb5098acd7dfc01fb2be3724bd0881168edc2bd3b4dc876ca3f46b8e4a3d"
],
"version": "==1.0.1"
"markers": "python_version >= '3.9'",
"version": "==1.2.0"
},
"rpds-py": {
"hashes": [
"sha256:0919f38f5542c0a87e7b4afcafab6fd2c15386632d249e9a087498571250abe3",
"sha256:093d63b4b0f52d98ebae33b8c50900d3d67e0666094b1be7a12fffd7f65de74b",
"sha256:0a0b60701f2300c81b2ac88a5fb893ccfa408e1c4a555a77f908a2596eb875a5",
"sha256:0c71c2f6bf36e61ee5c47b2b9b5d47e4d1baad6426bfed9eea3e858fc6ee8806",
"sha256:0dc23bbb3e06ec1ea72d515fb572c1fea59695aefbffb106501138762e1e915e",
"sha256:0dfa6115c6def37905344d56fb54c03afc49104e2ca473d5dedec0f6606913b4",
"sha256:12bff2ad9447188377f1b2794772f91fe68bb4bbfa5a39d7941fbebdbf8c500f",
"sha256:1533b7eb683fb5f38c1d68a3c78f5fdd8f1412fa6b9bf03b40f450785a0ab915",
"sha256:1766b5724c3f779317d5321664a343c07773c8c5fd1532e4039e6cc7d1a815be",
"sha256:181ef9b6bbf9845a264f9aa45c31836e9f3c1f13be565d0d010e964c661d1e2b",
"sha256:183f857a53bcf4b1b42ef0f57ca553ab56bdd170e49d8091e96c51c3d69ca696",
"sha256:191aa858f7d4902e975d4cf2f2d9243816c91e9605070aeb09c0a800d187e323",
"sha256:1a8b0dd8648709b62d9372fc00a57466f5fdeefed666afe3fea5a6c9539a0331",
"sha256:1c962145c7473723df9722ba4c058de12eb5ebedcb4e27e7d902920aa3831ee8",
"sha256:1cc81d14ddfa53d7f3906694d35d54d9d3f850ef8e4e99ee68bc0d1e5fed9a9c",
"sha256:1d815d48b1804ed7867b539236b6dd62997850ca1c91cad187f2ddb1b7bbef19",
"sha256:1e6c15d2080a63aaed876e228efe4f814bc7889c63b1e112ad46fdc8b368b9e1",
"sha256:20ab1ae4fa534f73647aad289003f1104092890849e0266271351922ed5574f8",
"sha256:20dae58a859b0906f0685642e591056f1e787f3a8b39c8e8749a45dc7d26bdb0",
"sha256:238e8c8610cb7c29460e37184f6799547f7e09e6a9bdbdab4e8edb90986a2318",
"sha256:24a4146ccb15be237fdef10f331c568e1b0e505f8c8c9ed5d67759dac58ac246",
"sha256:257d011919f133a4746958257f2c75238e3ff54255acd5e3e11f3ff41fd14256",
"sha256:2a343f91b17097c546b93f7999976fd6c9d5900617aa848c81d794e062ab302b",
"sha256:2abe21d8ba64cded53a2a677e149ceb76dcf44284202d737178afe7ba540c1eb",
"sha256:2c03c9b0c64afd0320ae57de4c982801271c0c211aa2d37f3003ff5feb75bb04",
"sha256:2c9c1b92b774b2e68d11193dc39620d62fd8ab33f0a3c77ecdabe19c179cdbc1",
"sha256:3021933c2cb7def39d927b9862292e0f4c75a13d7de70eb0ab06efed4c508c19",
"sha256:3100b3090269f3a7ea727b06a6080d4eb7439dca4c0e91a07c5d133bb1727ea7",
"sha256:313cfcd6af1a55a286a3c9a25f64af6d0e46cf60bc5798f1db152d97a216ff6f",
"sha256:35e9a70a0f335371275cdcd08bc5b8051ac494dd58bff3bbfb421038220dc871",
"sha256:38721d4c9edd3eb6670437d8d5e2070063f305bfa2d5aa4278c51cedcd508a84",
"sha256:390e3170babf42462739a93321e657444f0862c6d722a291accc46f9d21ed04e",
"sha256:39bfea47c375f379d8e87ab4bb9eb2c836e4f2069f0f65731d85e55d74666387",
"sha256:3ac51b65e8dc76cf4949419c54c5528adb24fc721df722fd452e5fbc236f5c40",
"sha256:3c0909c5234543ada2515c05dc08595b08d621ba919629e94427e8e03539c958",
"sha256:3da5852aad63fa0c6f836f3359647870e21ea96cf433eb393ffa45263a170d44",
"sha256:3e1157659470aa42a75448b6e943c895be8c70531c43cb78b9ba990778955582",
"sha256:4019a9d473c708cf2f16415688ef0b4639e07abaa569d72f74745bbeffafa2c7",
"sha256:43f10b007033f359bc3fa9cd5e6c1e76723f056ffa9a6b5c117cc35720a80292",
"sha256:49028aa684c144ea502a8e847d23aed5e4c2ef7cadfa7d5eaafcb40864844b7a",
"sha256:4916dc96489616a6f9667e7526af8fa693c0fdb4f3acb0e5d9f4400eb06a47ba",
"sha256:4a59e5bc386de021f56337f757301b337d7ab58baa40174fb150accd480bc953",
"sha256:4b1f66eb81eab2e0ff5775a3a312e5e2e16bf758f7b06be82fb0d04078c7ac51",
"sha256:4c5fe114a6dd480a510b6d3661d09d67d1622c4bf20660a474507aaee7eeeee9",
"sha256:4c70c70f9169692b36307a95f3d8c0a9fcd79f7b4a383aad5eaa0e9718b79b37",
"sha256:4d11382bcaf12f80b51d790dee295c56a159633a8e81e6323b16e55d81ae37e9",
"sha256:4f01a5d6444a3258b00dc07b6ea4733e26f8072b788bef750baa37b370266137",
"sha256:4f789e32fa1fb6a7bf890e0124e7b42d1e60d28ebff57fe806719abb75f0e9a3",
"sha256:4feb7511c29f8442cbbc28149a92093d32e815a28aa2c50d333826ad2a20fdf0",
"sha256:511d15193cbe013619dd05414c35a7dedf2088fcee93c6bbb7c77859765bd4e8",
"sha256:519067e29f67b5c90e64fb1a6b6e9d2ec0ba28705c51956637bac23a2f4ddae1",
"sha256:521ccf56f45bb3a791182dc6b88ae5f8fa079dd705ee42138c76deb1238e554e",
"sha256:529c8156d7506fba5740e05da8795688f87119cce330c244519cf706a4a3d618",
"sha256:582462833ba7cee52e968b0341b85e392ae53d44c0f9af6a5927c80e539a8b67",
"sha256:5963b72ccd199ade6ee493723d18a3f21ba7d5b957017607f815788cef50eaf1",
"sha256:59b2093224a18c6508d95cfdeba8db9cbfd6f3494e94793b58972933fcee4c6d",
"sha256:5afaddaa8e8c7f1f7b4c5c725c0070b6eed0228f705b90a1732a48e84350f4e9",
"sha256:5afea17ab3a126006dc2f293b14ffc7ef3c85336cf451564a0515ed7648033da",
"sha256:5e09330b21d98adc8ccb2dbb9fc6cb434e8908d4c119aeaa772cb1caab5440a0",
"sha256:6188de70e190847bb6db3dc3981cbadff87d27d6fe9b4f0e18726d55795cee9b",
"sha256:68ffcf982715f5b5b7686bdd349ff75d422e8f22551000c24b30eaa1b7f7ae84",
"sha256:696764a5be111b036256c0b18cd29783fab22154690fc698062fc1b0084b511d",
"sha256:69a607203441e07e9a8a529cff1d5b73f6a160f22db1097211e6212a68567d11",
"sha256:69b312fecc1d017b5327afa81d4da1480f51c68810963a7336d92203dbb3d4f1",
"sha256:69f0c0a3df7fd3a7eec50a00396104bb9a843ea6d45fcc31c2d5243446ffd7a7",
"sha256:6a1cb5d6ce81379401bbb7f6dbe3d56de537fb8235979843f0d53bc2e9815a79",
"sha256:6d3498ad0df07d81112aa6ec6c95a7e7b1ae00929fb73e7ebee0f3faaeabad2f",
"sha256:72a8d9564a717ee291f554eeb4bfeafe2309d5ec0aa6c475170bdab0f9ee8e88",
"sha256:777c62479d12395bfb932944e61e915741e364c843afc3196b694db3d669fcd0",
"sha256:77a7711fa562ba2da1aa757e11024ad6d93bad6ad7ede5afb9af144623e5f76a",
"sha256:79061ba1a11b6a12743a2b0f72a46aa2758613d454aa6ba4f5a265cc48850158",
"sha256:7a48af25d9b3c15684059d0d1fc0bc30e8eee5ca521030e2bffddcab5be40226",
"sha256:7ab504c4d654e4a29558eaa5bb8cea5fdc1703ea60a8099ffd9c758472cf913f",
"sha256:7bdb17009696214c3b66bb3590c6d62e14ac5935e53e929bcdbc5a495987a84f",
"sha256:7da84c2c74c0f5bc97d853d9e17bb83e2dcafcff0dc48286916001cc114379a1",
"sha256:801a71f70f9813e82d2513c9a96532551fce1e278ec0c64610992c49c04c2dad",
"sha256:824e6d3503ab990d7090768e4dfd9e840837bae057f212ff9f4f05ec6d1975e7",
"sha256:82b165b07f416bdccf5c84546a484cc8f15137ca38325403864bfdf2b5b72f6a",
"sha256:84cfbd4d4d2cdeb2be61a057a258d26b22877266dd905809e94172dff01a42ae",
"sha256:84d142d2d6cf9b31c12aa4878d82ed3b2324226270b89b676ac62ccd7df52d08",
"sha256:87a5531de9f71aceb8af041d72fc4cab4943648d91875ed56d2e629bef6d4c03",
"sha256:893b022bfbdf26d7bedb083efeea624e8550ca6eb98bf7fea30211ce95b9201a",
"sha256:894514d47e012e794f1350f076c427d2347ebf82f9b958d554d12819849a369d",
"sha256:8a7898b6ca3b7d6659e55cdac825a2e58c638cbf335cde41f4619e290dd0ad11",
"sha256:8ad7fd2258228bf288f2331f0a6148ad0186b2e3643055ed0db30990e59817a6",
"sha256:92c8db839367ef16a662478f0a2fe13e15f2227da3c1430a782ad0f6ee009ec9",
"sha256:941c1cfdf4799d623cf3aa1d326a6b4fdb7a5799ee2687f3516738216d2262fb",
"sha256:9bc596b30f86dc6f0929499c9e574601679d0341a0108c25b9b358a042f51bca",
"sha256:9c55b0a669976cf258afd718de3d9ad1b7d1fe0a91cd1ab36f38b03d4d4aeaaf",
"sha256:9da4e873860ad5bab3291438525cae80169daecbfafe5657f7f5fb4d6b3f96b9",
"sha256:9def736773fd56b305c0eef698be5192c77bfa30d55a0e5885f80126c4831a15",
"sha256:9dfbe56b299cf5875b68eb6f0ebaadc9cac520a1989cac0db0765abfb3709c19",
"sha256:9e851920caab2dbcae311fd28f4313c6953993893eb5c1bb367ec69d9a39e7ed",
"sha256:9e8cb77286025bdb21be2941d64ac6ca016130bfdcd228739e8ab137eb4406ed",
"sha256:a547e21c5610b7e9093d870be50682a6a6cf180d6da0f42c47c306073bfdbbf6",
"sha256:a90a13408a7a856b87be8a9f008fff53c5080eea4e4180f6c2e546e4a972fb5d",
"sha256:a9a63785467b2d73635957d32a4f6e73d5e4df497a16a6392fa066b753e87387",
"sha256:aa81873e2c8c5aa616ab8e017a481a96742fdf9313c40f14338ca7dbf50cb55f",
"sha256:ac64f4b2bdb4ea622175c9ab7cf09444e412e22c0e02e906978b3b488af5fde8",
"sha256:aea1f9741b603a8d8fedb0ed5502c2bc0accbc51f43e2ad1337fe7259c2b77a5",
"sha256:b0afb8cdd034150d4d9f53926226ed27ad15b7f465e93d7468caaf5eafae0d37",
"sha256:b37a04d9f52cb76b6b78f35109b513f6519efb481d8ca4c321f6a3b9580b3f45",
"sha256:b5f7a446ddaf6ca0fad9a5535b56fbfc29998bf0e0b450d174bbec0d600e1d72",
"sha256:b6d9e5a2ed9c4988c8f9b28b3bc0e3e5b1aaa10c28d210a594ff3a8c02742daf",
"sha256:b6e2c12160c72aeda9d1283e612f68804621f448145a210f1bf1d79151c47090",
"sha256:b818a592bd69bfe437ee8368603d4a2d928c34cffcdf77c2e761a759ffd17d20",
"sha256:c1851f429b822831bd2edcbe0cfd12ee9ea77868f8d3daf267b189371671c80e",
"sha256:c1fb0cda2abcc0ac62f64e2ea4b4e64c57dfd6b885e693095460c61bde7bb18e",
"sha256:c5ab0ee51f560d179b057555b4f601b7df909ed31312d301b99f8b9fc6028284",
"sha256:c70d9ec912802ecfd6cd390dadb34a9578b04f9bcb8e863d0a7598ba5e9e7ccc",
"sha256:c741107203954f6fc34d3066d213d0a0c40f7bb5aafd698fb39888af277c70d8",
"sha256:ca3f059f4ba485d90c8dc75cb5ca897e15325e4e609812ce57f896607c1c0867",
"sha256:caf51943715b12af827696ec395bfa68f090a4c1a1d2509eb4e2cb69abbbdb33",
"sha256:cb28c1f569f8d33b2b5dcd05d0e6ef7005d8639c54c2f0be824f05aedf715255",
"sha256:cdad4ea3b4513b475e027be79e5a0ceac8ee1c113a1a11e5edc3c30c29f964d8",
"sha256:cf47cfdabc2194a669dcf7a8dbba62e37a04c5041d2125fae0233b720da6f05c",
"sha256:d04cab0a54b9dba4d278fe955a1390da3cf71f57feb78ddc7cb67cbe0bd30323",
"sha256:d422b945683e409000c888e384546dbab9009bb92f7c0b456e217988cf316107",
"sha256:d80bf832ac7b1920ee29a426cdca335f96a2b5caa839811803e999b41ba9030d",
"sha256:da619979df60a940cd434084355c514c25cf8eb4cf9a508510682f6c851a4f7a",
"sha256:dafd4c44b74aa4bed4b250f1aed165b8ef5de743bcca3b88fc9619b6087093d2",
"sha256:dca83c498b4650a91efcf7b88d669b170256bf8017a5db6f3e06c2bf031f57e0",
"sha256:de2713f48c1ad57f89ac25b3cb7daed2156d8e822cf0eca9b96a6f990718cc41",
"sha256:de4ed93a8c91debfd5a047be327b7cc8b0cc6afe32a716bbbc4aedca9e2a83af",
"sha256:df52098cde6d5e02fa75c1f6244f07971773adb4a26625edd5c18fee906fa84d",
"sha256:dfbf280da5f876d0b00c81f26bedce274e72a678c28845453885a9b3c22ae632",
"sha256:e3730a48e5622e598293eee0762b09cff34dd3f271530f47b0894891281f051d",
"sha256:e5162afc9e0d1f9cae3b577d9c29ddbab3505ab39012cb794d94a005825bde21",
"sha256:e5d524d68a474a9688336045bbf76cb0def88549c1b2ad9dbfec1fb7cfbe9170",
"sha256:e99685fc95d386da368013e7fb4269dd39c30d99f812a8372d62f244f662709c",
"sha256:ea89a2458a1a75f87caabefe789c87539ea4e43b40f18cff526052e35bbb4fdf",
"sha256:ec671691e72dff75817386aa02d81e708b5a7ec0dec6669ec05213ff6b77e1bd",
"sha256:eed5ac260dd545fbc20da5f4f15e7efe36a55e0e7cf706e4ec005b491a9546a0",
"sha256:f14440b9573a6f76b4ee4770c13f0b5921f71dde3b6fcb8dabbefd13b7fe05d7",
"sha256:f405c93675d8d4c5ac87364bb38d06c988e11028a64b52a47158a355079661f3",
"sha256:f53ec51f9d24e9638a40cabb95078ade8c99251945dad8d57bf4aabe86ecee35",
"sha256:f61a9326f80ca59214d1cceb0a09bb2ece5b2563d4e0cd37bfd5515c28510674",
"sha256:f7bf2496fa563c046d05e4d232d7b7fd61346e2402052064b773e5c378bf6f73",
"sha256:fbaa70553ca116c77717f513e08815aec458e6b69a028d4028d403b3bc84ff37",
"sha256:fc3e55a7db08dc9a6ed5fb7103019d2c1a38a349ac41901f9f66d7f95750942f",
"sha256:fc921b96fa95a097add244da36a1d9e4f3039160d1d30f1b35837bf108c21136",
"sha256:fd0641abca296bc1a00183fe44f7fced8807ed49d501f188faa642d0e4975b83",
"sha256:feac1045b3327a45944e7dcbeb57530339f6b17baff154df51ef8b0da34c8c12",
"sha256:ff110acded3c22c033e637dd8896e411c7d3a11289b2edf041f86663dbc791e9"
"sha256:008b839781d6c9bf3b6a8984d1d8e56f0ec46dc56df61fd669c49b58ae800400",
"sha256:037a2361db72ee98d829bc2c5b7cc55598ae0a5e0ec1823a56ea99374cfd73c1",
"sha256:079bc583a26db831a985c5257797b2b5d3affb0386e7ff886256762f82113b5e",
"sha256:08f1e20bccf73b08d12d804d6e1c22ca5530e71659e6673bce31a6bb71c1e73f",
"sha256:0b08d152555acf1f455154d498ca855618c1378ec810646fcd7c76416ac6dc60",
"sha256:0d807710df3b5faa66c731afa162ea29717ab3be17bdc15f90f2d9f183da4059",
"sha256:0dc5dceeaefcc96dc192e3a80bbe1d6c410c469e97bdd47494a7d930987f18b2",
"sha256:12ed005216a51b1d6e2b02a7bd31885fe317e45897de81d86dcce7d74618ffff",
"sha256:134fae0e36022edad8290a6661edf40c023562964efea0cc0ec7f5d392d2aaef",
"sha256:13e608ac9f50a0ed4faec0e90ece76ae33b34c0e8656e3dceb9a7db994c692cd",
"sha256:1441811a96eadca93c517d08df75de45e5ffe68aa3089924f963c782c4b898cf",
"sha256:15d3b4d83582d10c601f481eca29c3f138d44c92187d197aff663a269197c02d",
"sha256:16323f674c089b0360674a4abd28d5042947d54ba620f72514d69be4ff64845e",
"sha256:168b025f8fd8d8d10957405f3fdcef3dc20f5982d398f90851f4abc58c566c52",
"sha256:1b207d881a9aef7ba753d69c123a35d96ca7cb808056998f6b9e8747321f03b8",
"sha256:1fea2b1a922c47c51fd07d656324531adc787e415c8b116530a1d29c0516c62d",
"sha256:23f6b69d1c26c4704fec01311963a41d7de3ee0570a84ebde4d544e5a1859ffc",
"sha256:2643400120f55c8a96f7c9d858f7be0c88d383cd4653ae2cf0d0c88f668073e5",
"sha256:26a1c73171d10b7acccbded82bf6a586ab8203601e565badc74bbbf8bc5a10f8",
"sha256:2bde09cbcf2248b73c7c323be49b280180ff39fadcfe04e7b6f54a678d02a7cf",
"sha256:2c426b99a068601b5f4623573df7a7c3d72e87533a2dd2253353a03e7502566c",
"sha256:2efe4eb1d01b7f5f1939f4ef30ecea6c6b3521eec451fb93191bf84b2a522418",
"sha256:2f57af9b4d0793e53266ee4325535a31ba48e2f875da81a9177c9926dfa60746",
"sha256:2fd50659a069c15eef8aa3d64bbef0d69fd27bb4a50c9ab4f17f83a16cbf8905",
"sha256:3020724ade63fe320a972e2ffd93b5623227e684315adce194941167fee02688",
"sha256:3182af66048c00a075010bc7f4860f33913528a4b6fc09094a6e7598e462fe39",
"sha256:31d3ebadefcd73b73928ed0b2fd696f7fefda8629229f81929ac9c1854d0cffb",
"sha256:33aa65b97826a0e885ef6e278fbd934e98cdcfed80b63946025f01e2f5b29502",
"sha256:387ce8c44ae94e0ec50532d9cb0edce17311024c9794eb196b90e1058aadeb66",
"sha256:3adc388fc3afb6540aec081fa59e6e0d3908722771aa1e37ffe22b220a436f0b",
"sha256:3c64d07e95606ec402a0a1c511fe003873fa6af630bda59bac77fac8b4318ebc",
"sha256:3ce0cac322b0d69b63c9cdb895ee1b65805ec9ffad37639f291dd79467bee675",
"sha256:3d905d16f77eb6ab2e324e09bfa277b4c8e5e6b8a78a3e7ff8f3cdf773b4c013",
"sha256:3deab27804d65cd8289eb814c2c0e807c4b9d9916c9225e363cb0cf875eb67c1",
"sha256:3e039aabf6d5f83c745d5f9a0a381d031e9ed871967c0a5c38d201aca41f3ba1",
"sha256:41e532bbdcb57c92ba3be62c42e9f096431b4cf478da9bc3bc6ce5c38ab7ba7a",
"sha256:42a89282d711711d0a62d6f57d81aa43a1368686c45bc1c46b7f079d55692734",
"sha256:466bfe65bd932da36ff279ddd92de56b042f2266d752719beb97b08526268ec5",
"sha256:4708c5c0ceb2d034f9991623631d3d23cb16e65c83736ea020cdbe28d57c0a0e",
"sha256:47162fdab9407ec3f160805ac3e154df042e577dd53341745fc7fb3f625e6d92",
"sha256:4848ca84d6ded9b58e474dfdbad4b8bfb450344c0551ddc8d958bf4b36aa837c",
"sha256:4b507d19f817ebaca79574b16eb2ae412e5c0835542c93fe9983f1e432aca195",
"sha256:4e44099bd522cba71a2c6b97f68e19f40e7d85399de899d66cdb67b32d7cb786",
"sha256:4ed2e16abbc982a169d30d1a420274a709949e2cbdef119fe2ec9d870b42f274",
"sha256:4f75e4bd8ab8db624e02c8e2fc4063021b58becdbe6df793a8111d9343aec1e3",
"sha256:4fc9b7fe29478824361ead6e14e4f5aed570d477e06088826537e202d25fe859",
"sha256:50c946f048209e6362e22576baea09193809f87687a95a8db24e5fbdb307b93a",
"sha256:5281ed1cc1d49882f9997981c88df1a22e140ab41df19071222f7e5fc4e72125",
"sha256:530064db9146b247351f2a0250b8f00b289accea4596a033e94be2389977de71",
"sha256:55266dafa22e672f5a4f65019015f90336ed31c6383bd53f5e7826d21a0e0b83",
"sha256:5b640501be9288c77738b5492b3fd3abc4ba95c50c2e41273c8a1459f08298d3",
"sha256:62ac3d4e3e07b58ee0ddecd71d6ce3b1637de2d373501412df395a0ec5f9beb5",
"sha256:62f85b665cedab1a503747617393573995dac4600ff51869d69ad2f39eb5e817",
"sha256:639fd5efec029f99b79ae47e5d7e00ad8a773da899b6309f6786ecaf22948c48",
"sha256:6567d2bb951e21232c2f660c24cf3470bb96de56cdcb3f071a83feeaff8a2772",
"sha256:67ce7620704745881a3d4b0ada80ab4d99df390838839921f99e63c474f82cf2",
"sha256:689fb5200a749db0415b092972e8eba85847c23885c8543a8b0f5c009b1a5948",
"sha256:68afeec26d42ab3b47e541b272166a0b4400313946871cba3ed3a4fc0cab1cef",
"sha256:6e5e54da1e74b91dbc7996b56640f79b195d5925c2b78efaa8c5d53e1d88edde",
"sha256:6f4461bf931108c9fa226ffb0e257c1b18dc2d44cd72b125bec50ee0ab1248a9",
"sha256:6f5b7bd8e219ed50299e58551a410b64daafb5017d54bbe822e003856f06a802",
"sha256:70d0738ef8fee13c003b100c2fbd667ec4f133468109b3472d249231108283a3",
"sha256:71108900c9c3c8590697244b9519017a400d9ba26a36c48381b3f64743a44aab",
"sha256:74e5b2f7bb6fa38b1b10546d27acbacf2a022a8b5543efb06cfebc72a59c85be",
"sha256:78af06ddc7fe5cc0e967085a9115accee665fb912c22a3f54bad70cc65b05fe6",
"sha256:7b002cab05d6339716b03a4a3a2ce26737f6231d7b523f339fa061d53368c9d8",
"sha256:7b90b0496570bd6b0321724a330d8b545827c4df2034b6ddfc5f5275f55da2ad",
"sha256:7ba22cb9693df986033b91ae1d7a979bc399237d45fccf875b76f62bb9e52ddf",
"sha256:7ba32c16b064267b22f1850a34051121d423b6f7338a12b9459550eb2096e7ec",
"sha256:7e32721e5d4922deaaf963469d795d5bde6093207c52fec719bd22e5d1bedbc4",
"sha256:7ee6521b9baf06085f62ba9c7a3e5becffbc32480d2f1b351559c001c38ce4c1",
"sha256:80c60cfb5310677bd67cb1e85a1e8eb52e12529545441b43e6f14d90b878775a",
"sha256:8177002868d1426305bb5de1e138161c2ec9eb2d939be38291d7c431c4712df8",
"sha256:819064fa048ba01b6dadc5116f3ac48610435ac9a0058bbde98e569f9e785c39",
"sha256:84f7d509870098de0e864cad0102711c1e24e9b1a50ee713b65928adb22269e4",
"sha256:879b0e14a2da6a1102a3fc8af580fc1ead37e6d6692a781bd8c83da37429b5ab",
"sha256:8a3f29aba6e2d7d90528d3c792555a93497fe6538aa65eb675b44505be747808",
"sha256:8a63b640a7845f2bdd232eb0d0a4a2dd939bcdd6c57e6bb134526487f3160ec5",
"sha256:8b61097f7488de4be8244c89915da8ed212832ccf1e7c7753a25a394bf9b1f10",
"sha256:8ee50c3e41739886606388ba3ab3ee2aae9f35fb23f833091833255a31740797",
"sha256:8fabb8fd848a5f75a2324e4a84501ee3a5e3c78d8603f83475441866e60b94a3",
"sha256:9024de74731df54546fab0bfbcdb49fae19159ecaecfc8f37c18d2c7e2c0bd61",
"sha256:92022bbbad0d4426e616815b16bc4127f83c9a74940e1ccf3cfe0b387aba0228",
"sha256:93a2ed40de81bcff59aabebb626562d48332f3d028ca2036f1d23cbb52750be4",
"sha256:94c44ee01fd21c9058f124d2d4f0c9dc7634bec93cd4b38eefc385dabe71acbf",
"sha256:9a1f4814b65eacac94a00fc9a526e3fdafd78e439469644032032d0d63de4881",
"sha256:9d992ac10eb86d9b6f369647b6a3f412fc0075cfd5d799530e84d335e440a002",
"sha256:9e71f5a087ead99563c11fdaceee83ee982fd39cf67601f4fd66cb386336ee52",
"sha256:a205fdfe55c90c2cd8e540ca9ceba65cbe6629b443bc05db1f590a3db8189ff9",
"sha256:a46fdec0083a26415f11d5f236b79fa1291c32aaa4a17684d82f7017a1f818b1",
"sha256:a50431bf02583e21bf273c71b89d710e7a710ad5e39c725b14e685610555926f",
"sha256:a512c8263249a9d68cac08b05dd59d2b3f2061d99b322813cbcc14c3c7421998",
"sha256:a55b9132bb1ade6c734ddd2759c8dc132aa63687d259e725221f106b83a0e485",
"sha256:a6e57b0abfe7cc513450fcf529eb486b6e4d3f8aee83e92eb5f1ef848218d456",
"sha256:a75f305c9b013289121ec0f1181931975df78738cdf650093e6b86d74aa7d8dd",
"sha256:a9e960fc78fecd1100539f14132425e1d5fe44ecb9239f8f27f079962021523e",
"sha256:aa8933159edc50be265ed22b401125c9eebff3171f570258854dbce3ecd55475",
"sha256:aaf94f812c95b5e60ebaf8bfb1898a7d7cb9c1af5744d4a67fa47796e0465d4e",
"sha256:abfa1171a9952d2e0002aba2ad3780820b00cc3d9c98c6630f2e93271501f66c",
"sha256:acb9aafccaae278f449d9c713b64a9e68662e7799dbd5859e2c6b3c67b56d334",
"sha256:ae2775c1973e3c30316892737b91f9283f9908e3cc7625b9331271eaaed7dc90",
"sha256:ae92443798a40a92dc5f0b01d8a7c93adde0c4dc965310a29ae7c64d72b9fad2",
"sha256:b2e7f8f169d775dd9092a1743768d771f1d1300453ddfe6325ae3ab5332b4657",
"sha256:b4938466c6b257b2f5c4ff98acd8128ec36b5059e5c8f8372d79316b1c36bb15",
"sha256:b6dfb0e058adb12d8b1d1b25f686e94ffa65d9995a5157afe99743bf7369d62b",
"sha256:b7fb801aa7f845ddf601c49630deeeccde7ce10065561d92729bfe81bd21fb33",
"sha256:ba81d2b56b6d4911ce735aad0a1d4495e808b8ee4dc58715998741a26874e7c2",
"sha256:bbf94c58e8e0cd6b6f38d8de67acae41b3a515c26169366ab58bdca4a6883bb8",
"sha256:be898f271f851f68b318872ce6ebebbc62f303b654e43bf72683dbdc25b7c881",
"sha256:bf876e79763eecf3e7356f157540d6a093cef395b65514f17a356f62af6cc136",
"sha256:c1476d6f29eb81aa4151c9a31219b03f1f798dc43d8af1250a870735516a1212",
"sha256:c2a8fed130ce946d5c585eddc7c8eeef0051f58ac80a8ee43bd17835c144c2cc",
"sha256:c46c9dd2403b66a2a3b9720ec4b74d4ab49d4fabf9f03dfdce2d42af913fe8d0",
"sha256:c4b676c4ae3921649a15d28ed10025548e9b561ded473aa413af749503c6737e",
"sha256:c796c0c1cc68cb08b0284db4229f5af76168172670c74908fdbd4b7d7f515819",
"sha256:c918c65ec2e42c2a78d19f18c553d77319119bf43aa9e2edf7fb78d624355527",
"sha256:cb56c6210ef77caa58e16e8c17d35c63fe3f5b60fd9ba9d424470c3400bcf9ed",
"sha256:cdfe4bb2f9fe7458b7453ad3c33e726d6d1c7c0a72960bcc23800d77384e42df",
"sha256:cf9931f14223de59551ab9d38ed18d92f14f055a5f78c1d8ad6493f735021bbb",
"sha256:d252f2d8ca0195faa707f8eb9368955760880b2b42a8ee16d382bf5dd807f89a",
"sha256:d5fa0ee122dc09e23607a28e6d7b150da16c662e66409bbe85230e4c85bb528a",
"sha256:d76f9cc8665acdc0c9177043746775aa7babbf479b5520b78ae4002d889f5c21",
"sha256:d78827d7ac08627ea2c8e02c9e5b41180ea5ea1f747e9db0915e3adf36b62dcf",
"sha256:d7ff07d696a7a38152ebdb8212ca9e5baab56656749f3d6004b34ab726b550b8",
"sha256:d9199717881f13c32c4046a15f024971a3b78ad4ea029e8da6b86e5aa9cf4594",
"sha256:dc23e6820e3b40847e2f4a7726462ba0cf53089512abe9ee16318c366494c17a",
"sha256:dce51c828941973a5684d458214d3a36fcd28da3e1875d659388f4f9f12cc33e",
"sha256:dd2135527aa40f061350c3f8f89da2644de26cd73e4de458e79606384f4f68e7",
"sha256:dd6cd0485b7d347304067153a6dc1d73f7d4fd995a396ef32a24d24b8ac63ac8",
"sha256:df8b74962e35c9249425d90144e721eed198e6555a0e22a563d29fe4486b51f6",
"sha256:dfbfac137d2a3d0725758cd141f878bf4329ba25e34979797c89474a89a8a3a3",
"sha256:e202e6d4188e53c6661af813b46c37ca2c45e497fc558bacc1a7630ec2695aec",
"sha256:e2f6fd8a1cea5bbe599b6e78a6e5ee08db434fc8ffea51ff201c8765679698b3",
"sha256:e48af21883ded2b3e9eb48cb7880ad8598b31ab752ff3be6457001d78f416723",
"sha256:e4b9fcfbc021633863a37e92571d6f91851fa656f0180246e84cbd8b3f6b329b",
"sha256:e5c20f33fd10485b80f65e800bbe5f6785af510b9f4056c5a3c612ebc83ba6cb",
"sha256:eb11a4f1b2b63337cfd3b4d110af778a59aae51c81d195768e353d8b52f88081",
"sha256:ed090ccd235f6fa8bb5861684567f0a83e04f52dfc2e5c05f2e4b1309fcf85e7",
"sha256:ed10dc32829e7d222b7d3b93136d25a406ba9788f6a7ebf6809092da1f4d279d",
"sha256:eda8719d598f2f7f3e0f885cba8646644b55a187762bec091fa14a2b819746a9",
"sha256:ee4308f409a40e50593c7e3bb8cbe0b4d4c66d1674a316324f0c2f5383b486f9",
"sha256:ee5422d7fb21f6a00c1901bf6559c49fee13a5159d0288320737bbf6585bd3e4",
"sha256:f149826d742b406579466283769a8ea448eed82a789af0ed17b0cd5770433444",
"sha256:f2729615f9d430af0ae6b36cf042cb55c0936408d543fb691e1a9e36648fd35a",
"sha256:f39f58a27cc6e59f432b568ed8429c7e1641324fbe38131de852cd77b2d534b0",
"sha256:f41f814b8eaa48768d1bb551591f6ba45f87ac76899453e8ccd41dba1289b04b",
"sha256:f9025faafc62ed0b75a53e541895ca272815bec18abe2249ff6501c8f2e12b83",
"sha256:faf8d146f3d476abfee026c4ae3bdd9ca14236ae4e4c310cbd1cf75ba33d24a3",
"sha256:fb08b65b93e0c6dd70aac7f7890a9c0938d5ec71d5cb32d45cf844fb8ae47636",
"sha256:fb7c72262deae25366e3b6c0c0ba46007967aea15d1eea746e44ddba8ec58dcc",
"sha256:fb89bec23fddc489e5d78b550a7b773557c9ab58b7946154a10a6f7a214a48b2",
"sha256:fe0dd05afb46597b9a2e11c351e5e4283c741237e7f617ffb3252780cca9336a",
"sha256:fecc80cb2a90e28af8a9b366edacf33d7a91cbfe4c2c4544ea1246e949cfebeb",
"sha256:fed467af29776f6556250c9ed85ea5a4dd121ab56a5f8b206e3e7a4c551e48ec",
"sha256:ffce0481cc6e95e5b3f0a47ee17ffbd234399e6d532f394c8dce320c3b089c21"
],
"markers": "python_version >= '3.9'",
"version": "==0.26.0"
"version": "==0.27.1"
},
"ruamel.yaml": {
"ruamel-yaml": {
"hashes": [
"sha256:710ff198bb53da66718c7db27eec4fbcc9aa6ca7204e4c1df2f282b6fe5eb6b2",
"sha256:7227b76aaec364df15936730efbf7d72b30c0b79b1d578bbb8e3dcb2d81f52b7"
"sha256:148f6488d698b7a5eded5ea793a025308b25eca97208181b6a026037f391f701",
"sha256:dbfca74b018c4c3fba0b9cc9ee33e53c371194a9000e694995e620490fd40700"
],
"markers": "python_version >= '3.8'",
"version": "==0.18.14"
"version": "==0.18.15"
},
"ruamel.yaml.clib": {
"ruamel-yaml-clib": {
"hashes": [
"sha256:040ae85536960525ea62868b642bdb0c2cc6021c9f9d507810c0c604e66f5a7b",
"sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4",

View File

@@ -13,12 +13,6 @@ interpreter_python=auto
# See: https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#managing-host-key-checking
host_key_checking = False
ansible_managed = This file is managed by Ansible.%n
template: {file}
date: %Y-%m-%d %H:%M:%S
user: {uid}
host: {host}
[privilege_escalation]
# instead of using -K
become_ask_pass=True

View File

@@ -3,4 +3,12 @@
tls_cipher_suite: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
ansible_managed: |-
This file is managed by Ansible.
{{ 'template: ' + template_path }}
{{ 'date: ' + (template_mtime | string) }}
{{ 'user: ' + template_uid }}
{{ 'host: ' + template_host }}
# vim: set ts=2 sw=2:

View File

@@ -1,141 +1,141 @@
$ANSIBLE_VAULT;1.1;AES256
61623539626162633765633037643066613863623631336534396535353439376238646263306463
3762323765316137356636623430333662386564626536350a333334393630653733353864636162
64623562623462373337363339343832336439363832653666316335313633343663396438346365
6531343731363736340a373839663837396138366237303636326363663366656564306663663934
34333862643232383566306335363462653035313039353764643261663165613861623333663136
31333131303630356239636334346466643433356661383234383132653865326634643138613666
35386430646239643535373264386535316135623633303863646564313538323532333739653636
37393833363564323533333963376334326536666535626530383165613938353232356539633732
30633761336638636265353764643063316538353065376431616165343936323834303733326433
62626233643630643835323834343461333365333232373236376234376532636431396232633034
34303538313331383332643731653634313736383261393563393232643466386339363836623466
33383633353239623930363765326638643066373332653264633437323536366233383030346135
61353636353239376564396336353538616135663237613137366263353730366263643961373461
36646132646563646133373563653034646330653931396562643832666634383439313764646535
35643161356263316638363662626662346232633230363731633263333566376262396236363161
38636138306366666163663861346639323630663039353863346161613336363730633738386635
31356638623938353964346436353565363431636238326266373863316464396563336461336162
37323962343637626634386539643062343565313431386265323166623437346639363630343739
63613738656465346261653538643932666235356635346564356234613265353761393263373965
37326438346432306165616538363334653732643138643864633731363936626433303961373465
38383535396665643037363665623739346230666539643835343862646464303436303561313035
31356462656230326137616531363461316365333432326230373632356632313765333464313164
65393537656364656464343237646137396331643165343639643330353264333066633432363066
31336132373162393033363636386632313938333039393533313038623633613362646134363162
36346532306166346335643636353439323732663763396432613537316234376366616262626638
38613936626237343464373937383464356439383934353264643632386239353666396133656635
37666534383461663433653139383732383062643939653066656231646532666262386239616433
34386335363663313933663465623534633163316635353439616532386565613234373039653364
62376565613863656232643631343634636366643034386466323963643837653831653635333865
37383834626362613235623264613234653236323236383632356666643465313561626137343330
61643963306363366638306335653364616264613766346539316337623466666537616535333363
35306665383339643834616463396362663538303031386639343932346537363866663536373634
32623738363234326361336436626330363962316163653733663663316139393134666632633438
32303463343363383663636165643730653138356538326137613730383863373635646533373066
38323361373665376435313266373439636533646634326533626135313462303739313430383730
32333636633737376566623663323234376235623039313865663232323761616532666466306264
39623434333638323065623830656535353331326435643464333035326338366136666136663337
34336366333539333232653263396231633234313935396366646639383465326333653236383362
36656563653465346439653230333534656530373766653733373765623234336466663631323765
38636262373831393633343262356538393736666134633264353037383033343436346333306565
38663637333062653565666163616330393637616434666634633839373966373666323831353338
33666235646162343234343336356563663430643035306333623136323461636135386238396137
63323830316634653666333735663533336262303931653666356531343464656132326134313831
30666466373833313331316330353539646534333135373364343066643536636335633264306334
63396133626234323734666162343835613436393763303836383839323338323339313261383033
33616430376436663966626230343436643032353636363765303032333637396531623265393064
62336330396533346462313638613262363435306330366561303336316239313731623562316366
36373864373763383236663163363335373435636431613562373334396432323633373063346564
38616637316162396638356234323436383765663036366363323964613264373638656161393661
38623234356137383936303738306263376632393533613739613636613561333262333537616336
35393739636533373865343533633961316137626337363336316333616162643538343362613634
34376334393134643963383634646432643763316232656135663031373361346332636662653266
38663931663239666462626664373064666366613834623033346133306335333462623931646535
65343966313966386632333133363965623436313237343331366565323133343833623232326337
38363234336137633035333362383164656238326434366330336662653435343639663438613062
30346336353964346362393832653835303730383934316563333538376333353830376661313065
31353837333563363561663931386264346263323665616231383538353937393330303163306433
64376662393464643836636162373564376664306161656539626132313232343861396537386462
32376636333564323137623862396135313863306337346131323834396633333261633438646561
31613734343839373735356464643865663061363338346663353932313635393138613538303463
33373333373230383336336462636333353137303563366234363737343437323336386335633739
61363266633065383738336537346331376663313133393761633530633932643739636238633565
33343236633834383933336466636663383566633932643464353665643733613137633538346437
33366361663537343931653537333737633463336135623836373261663538303532633763646432
39343361383335636433666431616363373161646265393231353265393436633238303066613963
39633765663339643864386334613337666138333538333762353866333464386232396530306335
64306461363730313061633831343839613065313061326132613563666563656131383236623032
33346234333966653732643263313138333262343461623736386334356662383536633062653832
37626132376336643563396561626636346237393138343133656565643631646530326166613061
31353863623430656433356636616636303961336262613063616464313832343030333937356662
61353136633539306265386335393035313864366464303131663337383636363431636537646461
37646431643862646262623038336635653764383165376433666639363337623035616562663561
36613165393931336639306662656136663231316530663266666135353461613538653734316661
36363065663261323439653733336266613539363732323230346433353363333637616635666234
36373439343762336161313965396537363332316561303235666264653038353132633561393038
30373366303136656661353664396261393136623436323930666430636435623362396636646161
63613734663964656139393531316465623130666663376266616137316137616233373630396663
32326166663731643837623262393835656532393139396535393732626164316136626239663230
35326166346162626134626566313963333661643531353437666139396333343335306633643531
63386437646536633430643539623164306139316364646136306366373732373065376561303431
65363237353163656162393264316263303366633630303532623130343066636132613865363662
63323233323064633238356236616665373933626465393032326134363434613262653165343166
38313263376637383163336565376538326532353766626264346536353563663464623737653430
66373866343865326331333833353261386132393234303536353864343934353039323038363630
37373632356461633137336230353762316562353430323761623861343639393030653038313632
66636133643566306432333038623866333531613334396432306666316439366435383661336531
36373333623266353461383431333462343037306563616231663563353833653839313538613631
30646130383932343865363062313836323365616639346537663461343164363934653737613466
38326234356261343764323063613366313633313766613736663033666664613433363438646366
64366333373164333838363934636366336430343032316562653137323634303833616363393063
35343330663434356530333535663664336463396533393564663138623162666563323736366135
63653662306265326238363266393864393630333064303861376432333432386262306363336135
32333762333339383662303931376631326638666635353433636461386264633166313336636663
36313336663730363937316539623132313937633032396462616634346630383937353034343332
32346164363362346264353965633761306163343131323661313836636438646337396238653962
66306666366663343731333338666463313139373033306137643631313930353932616339636337
39363337376232616139663863303430353530643964633333376561326339373334663862383230
37613861373836643762386339666434623931376266643361383761373235393035303137613838
39383230393831373836396435323734316332663465376136333365393433633065666565393033
62356661346433643532633366313132313137623134626431343532373461396462653738613030
39323566326239383434616663626330646136386463646331616431386235633435333838363732
33633063363065343032383736643634313034663632373237663132373561656530396661326366
31313738633662616663646163386461336537313236313930336466346161306535373965366137
32383934626563663033356466653162333732633639363563663464353466383233373830633361
37326531636262313337333665626233303263633461356331343261353838396661656138323130
39316634666432656638623733333531303662613062323430333933626264376138393665363964
62633765313262653165393332336539363263636362383262303766373331353363363564333037
39373164633563303461313830383632623438666333333938613066313562623233353665653631
62313634373537356365633065333763333533313730353235363963643131316364323031643235
64313731343735346533646430346565393365363334626563353030313663363930363966313339
34346130626633333239663935376663393962363761663935303639346333326230363730363366
39313230353130373733396264616530303534383466633231303661663635623266346235363163
61383761623039666462383266666565643930303664616432393434666566636437616536626365
33336366333139633138386366333938343630373965613865663830366333363363303565633238
32313762303739356433383534653966376231316366396333616435343539376432633837666635
31396137373263386365616237396232376664653266663562356533613263323131356266666264
36636266623338323861303237623361666130373938306539343438316662326536376438306465
62656463356364363837353738663539316163346565333431343363303564376436666631383435
65333066383335633462613034383139336262393865383534323032323730343865303339343239
62343962363566643566356433623133333363343535376534333938623033656334613432326533
63666339373135353331326363303064666137383439663738373236623137383562346439356432
62383365373063376637313437346333643637376234376434613666353734333039353463313335
32326564343139383035313261646635313939366531323530393434303735306138633435333037
65666533366634666665393838616533656338353938333437363939616435636538313937303631
32663439396165333633653531353835366436323062326535366432313936323031613639633164
66323234613139626433326130396232366231623135366462393366616365653337346261663836
61386435636361336334333235663865343262633333633162376433383062336663396162303133
32666437336634323132396664373930316365626131646636366632616138626366613737616131
64386439386265373631373232626538323936383162333535383134643438336336636435613033
31336139376434316432343139363464616136626463396534646239646633363164646330373161
31663233393234393837356133316462346563303435663262363532333963333535373031656434
64303262633166346534396166643365326262636431353065613236666463336238633838633636
35356265653935663963343737616563373663376239613436663138386566393438323735393362
32616238623538366639373762336363353638306539336263316338323666303866633935386433
62313865303732613266393066386533313263313432356434363734626365643338646438646633
31346463313236643862303034363737343731343934666632623130613932323137376134653265
35326164303031623235303265613765663263663333353066333633663636323635383832373865
35626135333634346637346537373962646236376431393266306436333634646263646266326234
37383037363364306230646334333532613464353931376338366532326134393437303535393033
34316232326462343662
38353762626535363837346634333565643931386536313339336365663162656533363636383931
3737373161623364396366323338613062386466313539640a653334643937326338386262623261
65643635373532636439396235373964303537646334343633633531633435323037313433346636
3866306363303338360a356166353265386130616163616662623764313536616666656237636563
30323036353635303438363234646234656530373365396530666539393132643831653039666562
65383962306465363862333131383263353736623264616465336139313638343462653361333239
64363562653366396664623662376433663335313231653935626237663430303734326433333739
62616265373732316530366331323664373637386661353664626464646264356465346466663539
31613435366362343564313732616639376664613630316236373333653634386130663463626231
31396631623466666364316237313363366439326231653035316437616134643035393138383364
35313738373562353632366637663232393638396330626165323535343538633264353366663738
30663135646162396331623837343661613333313437313434313365623664316135626239636230
65376137303439323166346536353831653537326662356330393362666430633831323537623830
65326164663136383339353138663936306166633662346363353063663435323266653137666630
61353263653735626236373233313436343466653238376634623366356431333439323932343938
33303432613063383135633261653837633961643737623462626439373335613430356532353031
31626666663963643736323731613735376239663530373166626365666339346435323761333637
35383464626437646665653931653932653033376464386132383038633734373138313830303466
39313532333866303565353161636435646231313461646639316566386639323561363633636139
37613661626162306431313266383964323434343039386533333535646565373933396565613565
34666136633265663035306261623531333665636336303665613635333232316331643935353461
32643735623532313363663530656630653531666335323565353063316537396334383230386462
33333565616634356537376466373332356663376363353166656139623336396130653564333739
39303733303939313838363331356437646632386631343466383332313037616430313566396335
31363038373437643266656463373662653966653832613935303462303031653761336165646162
31646631373335336435383638666562373236656231613662646161613533376237366463383630
36393532316336303531353032303937353963306164663162386137393664353962323865616532
63326462626130386234643639363762323863326134623063343731366433306431303763363233
36366334386266616261616266386439623665326339653562373836306165353137353137376337
37316363653935623736613138356333653936363866356665303737363032363564643532303234
37656432656363336564393263353430373437303337303461613763346461646565646535366638
34366337343033666134383966646563356533626665373337646231313431346239303635353261
62313939383762303235373537643531623465353062303939383666323139396630346461626136
38656632373637616532666433626564376338363239326234656561636239653536366331633234
65366139623238336234363564616430646435666562616636303064663437663731303839313365
38636438386162623862363865646233346336636439663833343136316165343564393339653565
38346166346434386338303032303430303535373635336562663030336566666435623537363137
61373161343138656365376531633830313561336632633330323035346431643837383062343537
66663961306666333535656432393134363565656635333633363732626665656365356138623164
65303936633666643034313636663262616661313739663135653335366261613133643630343362
66343033363835613031626635336538303362393561313032336136306465316231366137373736
62303335393333306132326135393562666431303631306538326433613362306131316139386361
31383665386466653066613038633335636233396335383764336462636138333034383836386365
38323739346630643532346161383336646165333336393961663930623531303434366265313861
39613231373335373338656434636134663036636234393534353033613133383034343437626434
31646339613430343265333833303231333739666266646436336161363330396264313636616461
61396332363537636162316261363030393466356263353938343236323932306366316535366533
38633165393339356339383939666161336461653438353632653530326639313238323761386461
63653765313532646166306237386435663432633934343039666637323362626338313135623034
30356438633635363738383932393861376235353962303663313963313964383530306530316363
64656638363436326562323234303961396333323931666365656433663865616439336138656232
66653964383034343837663936306632336562373637346132333063663263306237303461333732
65363661623064643663623661393563353739373535373764356163666639376236313839336438
35386265646331313663653761353864663934663261313037396135373938343265353934353361
30343564623631316366343838656135393364353836613330393536623662383637333039383133
37653733626662646631616563306638366263323634303636616331323964393962643061646361
39363562396634656637626630653533396236613334343332326439656165306537326464613436
37333632663731316165613432353339356561316431623038303365303663326666303666646363
66656630396661353765666131393737636630366666373136313837373165303437316233656261
38346463303964343132393162663762346163363739383733326635643264616166393264633934
64333137373532343032303431316633613836323631613231346133366635616435366436316239
64353633366431386664623239353735623037623364346431633733336563303430653233313637
35353138616164643834343339653739373038633531303039333632663566323565383637646561
31383965396365653364343761363161656432656665383963656463613637633938376234353532
33653837613266666661613165376665626432643439363637623333336234313836373232333736
65313232373233613763376463663161643636663162643864363962376232326462643936383131
39366164323038376633376238363663313238336166386663616261306532633331643537376631
31376663393036363566653061353636326565376636346466656263663266326332656461336437
32646162313932646632663738646532663439313630393038383530653562313439336631663535
36396265353231373435353137303164356633653938373166363663616632303764633738333439
62626533346561333565626163643235393164353861636662636531333834623965323034363735
33336138356663303462393864343434636364346432383665313931653062363138623261326438
31616533643163363261386635653732343939633965363362643536626264323537656238633539
62393935386433313366656133633532353131343237623466376632623434626362363062326531
33346165643164363365626432333631393664316266613731663162313764386336333231396632
36666536336333623063346166306164376138343566353063343866316432333266366337623866
61313039663661643863663434343732313139653037373065333463383635393061323938643162
61383064303461366162636439343438376266313931323934313563623435346634663739666565
62333035346634303139626432313262383262633437663436323763313361633235393037343665
62316564376464333133343134333230383765303834613233613232626131343631326433373062
36343466396430313534336332636233623337613134333861646334326633396434353765636163
37343638363234313030363661306337393361333332306331396164346633336130336366396430
62306539656332313162626239303066656664383639353730633738643132386662643733393761
62666339346130626163656237623730363066343838303036613038613763356263363365366238
62623435303838623630333231663137393362323234383533393763623235376164626461373736
36343761353362623433663936623433353439646463613233363732613435373564616239626564
61313066333939326435656535333963313831316231356232346534633531613963353130333432
37656163663230626632393939363532356366643764323330366630656334623261656334633865
61303066333566363061626437643132353664383061383364333338666230313034373535613063
63386237383638333263323337313336373830303865303466363965303839316162663431656538
33376332643335366537306133613761613132643232316438623939356331656263633933613935
65653465383434386561323462626362623566663330656439386361616562353430303938636436
66636531343063633561363330663436383930613438323764356562383536393933646264323135
64633764356166343965346362323466306636363633656466653934313230326435336536306230
38353432323537393131313239373861386237313530366139313338313330326632313536353837
63386161336335363834356437326630353031373435316462613634633039336132646134653236
31346664353932323339366464356161333637313761666138386164313163333531626235663338
62386333303264306363646136646463393134373939346438383465393439343337643336633039
62316464663038326439656334373331303165346534346466663538313632633561393335333931
65363964363335616639643462393463343437626539363838626439386164303464316666633663
63656639626133653266306266306531646331386366343936316136363935323662336335326338
30666130316265666631306635646565363039306138313462376662626161313134383633653834
32376163383763306165323466306264616366343332636564636162666434333732643635336163
61626162626331613438373464336465303739316130343965633532336531313661613961313164
39636165316638616338653965373833333732396363393463383433383930353361636166346232
61323935663536306533336137356566383130393564623938666231393431626136396137633066
36633133313861353338616561373838363833353531633465363731336237663561383561326635
62306338643965613635353536613335363934666362366466663461646135346436336164346536
62666631303638386137356233303235613636346661303834613335616161396238663530643165
65366364336139303766303938643038303461656335303438396565346330313665636165626432
64326666313562646239356231663834326566313331303363343064346539626636346438313266
65643364656164336166353435343730376266333633666230316464356439336463316464653137
66303865613961373732323439326535373933393537656462303831333432636261613564636330
63323361366332386331376437666234346661373233653432343733346363306130383665626437
33313330336365633464643563643465393935653132376135663163393161616462353838336664
35393833656135643733623765626639386561333336623930303465323963613164666531396632
35326365386566353966383635643132316230383363393539653335633934646239316131653536
66656161653030343462346337653434313062343663633665363838393865336536626532623132
66643636656134353363636433636538623930396262663864343332303066333566653063336464
32303030396137346636636164323133396364623532643332363638643761323938616530353836
65366331633561623331393231323534343239323565333330636136383836616230343034633036
38373530616532653166653932643665396434373465376530313663646236336238656266616261
33396463303963646633373038336662623161643135656136326533646337316562323932613833
65616434316239353531666131383335383733333830613934393465663138353662613063323537
31393337343737646537666430323666366338303731623339323063393636353132636233343436
61653862333837623666343061633531396235633565313631663937393337303764316466613130
33653732373034613639326338353438643664653461616133646235393864386564353765313932
36613165323465333937626165316632313334313364353463366239356630653530313761373261
35326331313438656238646535643131656634396238363734626431633734336238616538383636
32303331666531653331306263303534613332653535643833303062653566393632333030383263
63393636643264656439373165383861323534333462353763343931363065393738323433323839
33333530323434363662633939303261636465356663326565633238663333656131376130396561
63363636613161383465323233626630613265346162386439353665393832383961616564636538
65333635336638646436623033343831356339656638333231666439643337306636313931643466
32393765303361323735646130613035346564356562656631373435653832663165313131336236
31636634663466366234386262623234626161663461386661656435656133616339383633386230
34313065396335636630333066633339646432313632373131306235333164336534363630313939
32623062393230633732323130613338363833356533306662616637326337343330303635343532
38396665633938313932656130303263396631343761616631616637633831666139343130313236
62356630346264376432

View File

@@ -3,7 +3,7 @@
# I'm currently not sure when we need to restart versus reload
- name: reload caddy
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: caddy
state: reloaded

View File

@@ -36,7 +36,7 @@
{% elif has_wordpress -%}
root * {{ document_root }}
encode
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') -%}
{% if ansible_distribution_major_version is version('12', '==') -%}
php_fastcgi unix//run/php/php8.2-fpm-{{ domain_name }}.sock
{% endif -%}
file_server

View File

@@ -8,7 +8,7 @@ fail2ban_maxretry: 6
fail2ban_findtime: 3600
# 2 weeks in seconds
fail2ban_bantime: 1209600
fail2ban_ignoreip: 127.0.0.1/8 172.26.0.0/16 192.168.5.0/24
fail2ban_ignoreip: 127.0.0.0/8
# Disable SSH passwords. Must use SSH keys. This is OK because we add the keys
# before re-configuring the SSH daemon to disable passwords.

View File

@@ -1 +0,0 @@
provisioning ALL=(ALL) ALL

View File

@@ -1,27 +1,27 @@
---
# ansible.builtin.file: roles/common/handlers/main.yml
- name: reload sshd
ansible.builtin.systemd:
- name: Reload sshd
ansible.builtin.systemd_service:
name: "{{ sshd_service_name }}"
state: reloaded
- name: reload sysctl
command: sysctl -p /etc/sysctl.conf
- name: Reload sysctl
ansible.builtin.command: sysctl -p /etc/sysctl.conf
- name: reload systemd
ansible.builtin.systemd:
- name: Reload systemd
ansible.builtin.systemd_service:
daemon_reload: true
- name: restart nftables
ansible.builtin.systemd:
- name: Restart nftables
ansible.builtin.systemd_service:
name: nftables
state: restarted
# 2021-09-28: note to self to keep fail2ban at the end, as handlers are executed
# in the order they are defined, not in the order they are listed in the task's
# notify statement and we must restart fail2ban after updating the firewall.
- name: restart fail2ban
ansible.builtin.systemd:
- name: Restart fail2ban
ansible.builtin.systemd_service:
name: fail2ban
state: restarted

View File

@@ -1,8 +1,7 @@
---
- name: Install fail2ban
when:
- ansible_distribution_major_version is version('11', '>=')
ansible.builtin.package:
when: ansible_distribution_version is version('11', '>=')
ansible.builtin.apt:
name:
- fail2ban
- python3-systemd
@@ -15,7 +14,7 @@
dest: /etc/fail2ban/jail.d/sshd.local
owner: root
mode: "0644"
notify: restart fail2ban
notify: Restart fail2ban
- name: Configure fail2ban nginx filter
when:
@@ -27,7 +26,7 @@
dest: /etc/fail2ban/jail.d/nginx.local
owner: root
mode: "0644"
notify: restart fail2ban
notify: Restart fail2ban
- name: Create fail2ban service override directory
ansible.builtin.file:
@@ -44,11 +43,11 @@
owner: root
mode: "0644"
notify:
- reload systemd
- restart fail2ban
- Reload systemd
- Restart fail2ban
- name: Start and enable fail2ban service
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: fail2ban
state: started
enabled: true

View File

@@ -1,20 +1,25 @@
---
- name: Configure firewall (Debian)
when: ansible_distribution == 'Debian'
ansible.builtin.include_tasks:
file: firewall_Debian.yml
apply:
tags:
- firewall
tags: firewall
# Debian 11+ will use nftables directly, with no firewalld.
- name: Configure firewall (Ubuntu)
when: ansible_distribution == 'Ubuntu'
ansible.builtin.include_tasks:
file: firewall_Ubuntu.yml
apply:
tags:
- firewall
tags: firewall
- name: Install Debian firewall packages
when: ansible_distribution_version is version('11', '>=')
ansible.builtin.apt:
name: nftables
state: present
cache_valid_time: 3600
- name: Remove iptables on newer Debian
when: ansible_distribution_version is version('11', '>=')
ansible.builtin.apt:
pkg: iptables
state: absent
- name: Configure nftables
when: ansible_distribution_version is version('11', '>=')
ansible.builtin.include_tasks: nftables.yml
- name: Configure fail2ban
when: ansible_distribution_version is version('9', '>=')
ansible.builtin.include_tasks: fail2ban.yml
# vim: set sw=2 ts=2:

View File

@@ -1,28 +0,0 @@
---
# Debian 11+ will use nftables directly, with no firewalld.
- name: Install Debian firewall packages
when: ansible_distribution_major_version is version('11', '>=')
ansible.builtin.package:
name:
- libnet-ip-perl # for aggregate-cidr-addresses.pl
- nftables
- curl # for nftables update scripts
state: present
cache_valid_time: 3600
- name: Remove iptables on newer Debian
when: ansible_distribution_major_version is version('11', '>=')
ansible.builtin.apt:
pkg: iptables
state: absent
- name: Configure nftables
ansible.builtin.include_tasks: nftables.yml
when: ansible_distribution_version is version('11', '>=')
- ansible.builtin.include_tasks: fail2ban.yml
when:
- ansible_distribution_major_version is version('9', '>=')
# vim: set sw=2 ts=2:

View File

@@ -1,27 +0,0 @@
---
# Ubuntu 20.04 will use nftables directly, with no firewalld.
- name: Install Ubuntu firewall packages
when: ansible_distribution_version is version('20.04', '>=')
ansible.builtin.package:
name:
- libnet-ip-perl # for aggregate-cidr-addresses.pl
- nftables
- curl # for nftables update scripts
state: present
cache_valid_time: 3600
- name: Remove ufw
ansible.builtin.package:
name: ufw
state: absent
- name: Configure nftables
ansible.builtin.include_tasks: nftables.yml
when: ansible_distribution_version is version('20.04', '>=')
- ansible.builtin.include_tasks: fail2ban.yml
when:
- ansible_distribution_version is version('16.04', '>=')
# vim: set sw=2 ts=2:

View File

@@ -8,13 +8,7 @@
tags: ntp
- name: Install common packages
ansible.builtin.include_tasks: packages_Debian.yml
when: ansible_distribution == 'Debian'
tags: packages
- name: Install common packages
ansible.builtin.include_tasks: packages_Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
ansible.builtin.include_tasks: packages.yml
tags: packages
- name: Configure firewall
@@ -28,13 +22,23 @@
# containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
- name: Reconfigure /etc/sysctl.conf
when: ansible_virtualization_role != 'host'
ansible.builtin.template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
ansible.builtin.template:
src: "sysctl_{{ ansible_distribution }}.j2"
dest: /etc/sysctl.conf
owner: root
group: root
mode: "0644"
notify:
- reload sysctl
- Reload sysctl
tags: sysctl
- name: Set I/O scheduler
ansible.builtin.template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
ansible.builtin.template:
src: etc/udev/rules.d/60-scheduler.rules.j2
dest: /etc/udev/rules.d/60-scheduler.rules
owner: root
group: root
mode: "0644"
tags: udev
- name: Copy admin SSH keys

View File

@@ -1,6 +1,5 @@
---
# Common nftables tasks for Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Debian 11,
# and Debian 12.
# Common nftables tasks for Debian 11 and Debian 12.
- name: Copy nftables.conf
ansible.builtin.template:
@@ -9,8 +8,8 @@
owner: root
mode: "0644"
notify:
- restart nftables
- restart fail2ban
- Restart nftables
- Restart fail2ban
- name: Create /etc/nftables extra config directory
ansible.builtin.file:
@@ -30,8 +29,8 @@
loop:
- { src: firehol_level1-ipv4.nft, force: false }
notify:
- restart nftables
- restart fail2ban
- Restart nftables
- Restart fail2ban
- name: Copy nftables update scripts
ansible.builtin.template:
@@ -59,8 +58,8 @@
- /etc/systemd/system/update-spamhaus-nftables.timer
- /usr/local/bin/aggregate-cidr-addresses.pl
notify:
- restart nftables
- restart fail2ban
- Restart nftables
- Restart fail2ban
- name: Copy nftables systemd units
ansible.builtin.copy:
@@ -76,12 +75,12 @@
# need to reload to pick up service/timer/environment changes
- name: Reload systemd daemon
ansible.builtin.systemd: # noqa no-handler
daemon_reload: true
when: nftables_systemd_units is changed
ansible.builtin.systemd_service: # noqa no-handler
daemon_reload: true
- name: Start and enable nftables update timers
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: "{{ item }}"
state: started
enabled: true
@@ -89,7 +88,7 @@
- update-firehol-nftables.timer
- name: Start and enable nftables
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: nftables
state: started
enabled: true

View File

@@ -1,7 +1,6 @@
---
# Hosts running Ubuntu 16.04+ and Debian 9+ use systemd init system and should
# use systemd-timesyncd as a network time client instead of the standalone ntp
# client.
# Hosts running Debian 9+ use systemd init system and can use systemd-timesyncd
# as a network time client instead of the standalone ntp client.
- name: Set timezone
when:
@@ -13,18 +12,29 @@
# Apparently some cloud images don't have this installed by default. From what
# I can see on existing servers, systemd-timesyncd is a standalone package on
# Ubuntu 20.04 and Debian 11.
# Debian 11 and Debian 12.
- name: Install systemd-timesyncd
when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_version
is version('11', '>='))
ansible.builtin.apt: name=systemd-timesyncd state=present cache_valid_time=3600
when: ansible_distribution_version is version('11', '>=')
ansible.builtin.apt:
name: systemd-timesyncd
state: present
cache_valid_time: 3600
- name: Start and enable systemd's NTP client
when: ansible_service_mgr == 'systemd'
ansible.builtin.systemd: name=systemd-timesyncd state=started enabled=true
ansible.builtin.systemd_service:
name: systemd-timesyncd
state: started
enabled: true
- name: Uninstall ntp on modern Ubuntu/Debian
ansible.builtin.apt: name=ntp state=absent
when: ansible_service_mgr == 'systemd'
# On Debian 12 ntp doesn't conflict with systemd-timesyncd so we should try to
# remove it to be sure.
- name: Uninstall ntp on Debian 12
when:
- ansible_service_mgr == 'systemd'
- ansible_distribution_major_version is version('12', '==')
ansible.builtin.apt:
name: ntp
state: absent
# vim: set ts=2 sw=2:

View File

@@ -1,5 +1,6 @@
---
- name: Configure Debian packages
tags: packages
block:
# Scaleway seems to use a weird sources.list format as of Debian 12?
- name: Check for weird Debian sources
@@ -8,10 +9,15 @@
register: weird_debian_sources_stat
- name: Configure apt mirror
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
when:
- ansible_architecture != 'armv7l'
- not weird_debian_sources_stat
ansible.builtin.template:
src: sources.list.j2
dest: /etc/apt/sources.list
owner: root
group: root
mode: "0644"
- name: Set fact for base packages
ansible.builtin.set_fact:
@@ -36,14 +42,16 @@
- unattended-upgrades
- name: Install base packages
ansible.builtin.apt: name={{ base_packages }} state=present cache_valid_time=3600
ansible.builtin.apt:
name: "{{ base_packages }}"
state: present
cache_valid_time: 3600
- name: Remove cron-apt
ansible.builtin.import_tasks: cron-apt.yml
tags: cron-apt
ansible.builtin.import_tasks: cron-apt.yml
- name: Install tarsnap
ansible.builtin.import_tasks: tarsnap.yml
tags: packages
# vim: set sw=2 ts=2:

View File

@@ -1,60 +0,0 @@
---
- name: Configure Ubuntu packages
block:
- name: Configure apt mirror
ansible.builtin.template: src=sources.list.j2 dest=/etc/apt/sources.list owner=root group=root mode=0644
when: ansible_architecture != 'armv7l'
- name: Upgrade base OS
ansible.builtin.apt: upgrade=dist cache_valid_time=3600
- name: Set Ubuntu base packages
ansible.builtin.set_fact:
ubuntu_base_packages:
- git
- git-lfs
- tmux
- iotop
- htop
- strace
- cron-apt
- safe-rm
- debian-goodies
- mosh
- python-pycurl # for ansible's apt_repository
- vim
- unzip
- apt-transport-https # for https support in apt
- zstd
- rsync
- lsof
- name: Install base packages
ansible.builtin.apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
- name: Disable annoying Canonical spam in MOTD
ansible.builtin.file: path={{ item }} mode=0644 state=absent
loop:
- /etc/update-motd.d/99-esm # Ubuntu 14.04
- /etc/update-motd.d/10-help-text # Ubuntu 14.04+
- /etc/update-motd.d/50-motd-news # Ubuntu 18.04+
- /etc/update-motd.d/80-esm # Ubuntu 18.04+
- /etc/update-motd.d/80-livepatch # Ubuntu 18.04+
ignore_errors: true
- name: Disable annoying Canonical spam in MOTD
ansible.builtin.systemd: name={{ item }} state=stopped enabled=no
when: ansible_service_mgr == 'systemd'
loop:
- motd-news.service
- motd-news.timer
- name: Configure cron-apt
ansible.builtin.import_tasks: cron-apt.yml
tags: cron-apt
- name: Install tarsnap
ansible.builtin.import_tasks: tarsnap.yml
tags: packages
# vim: set sw=2 ts=2:

View File

@@ -1,9 +1,11 @@
---
- name: Zero .ssh/authorized_keys for provisioning user
ansible.builtin.file: dest={{ provisioning_user.home }}/.ssh/authorized_keys state=absent
ansible.builtin.file:
dest: "{{ provisioning_user.home }}/.ssh/authorized_keys"
state: absent
- name: Add public keys to authorized_keys
ansible.posix.authorized_key: { user: "{{ provisioning_user.name }}", key: "{{ lookup('file',item) }}" }
ansible.posix.authorized_key: { user: "{{ provisioning_user.name }}", key: "{{ lookup('file', item) }}" }
with_fileglob:
# use descriptive names for keys, like: aorth-mzito-rsa.pub
- ssh-pub-keys/*.pub

View File

@@ -1,17 +1,26 @@
---
# SSH configs don't change in Debian minor versions
# Only override the system sshd configuration on older Debian.
- name: Reconfigure /etc/ssh/sshd_config
ansible.builtin.template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root
mode=0600
when: ansible_distribution == 'Debian'
notify: reload sshd
when: ansible_distribution_version is version('12', '<=')
ansible.builtin.template:
src: "sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.j2"
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: "0600"
notify: Reload sshd
# Ubuntu is the only distro we have where SSH version is very different from 14.04 -> 14.10,
# ie with new ciphers supported etc.
- name: Reconfigure /etc/ssh/sshd_config
ansible.builtin.template: src=sshd_config_{{ ansible_distribution }}-{{ ansible_distribution_version }}.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0600
when: ansible_distribution == 'Ubuntu'
notify: reload sshd
# Newer OpenSSH versions support including extra configuration. The includes
# happen at the beginning of the file and the first value to be read is used.
- name: Configure sshd_config.d overrides
when: ansible_distribution_version is version('13', '>=')
ansible.builtin.template:
src: etc/ssh/sshd_config.d/01-{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.conf.j2
dest: /etc/ssh/sshd_config.d/01-custom.conf
owner: root
group: root
mode: "0600"
notify: Reload sshd
# See: WeakDH (2015): https://weakdh.org/sysadmin.html
- name: Remove small Diffie-Hellman SSH moduli
@@ -24,28 +33,30 @@
register: check_unsafe_moduli
- name: Extract safe Diffie-Hellman SSH moduli
when: check_unsafe_moduli.stdout | length > 0
ansible.builtin.shell:
cmd: awk '$5 >= 3071' moduli > moduli.safe
chdir: /etc/ssh
creates: moduli.safe
when: check_unsafe_moduli.stdout | length > 0
register: extract_safe_moduli
- name: Replace unsafe Diffie-Hellman SSH moduli
when: extract_safe_moduli is changed
ansible.builtin.command:
cmd: mv moduli.safe moduli
chdir: /etc/ssh
register: replace_small_moduli
when: extract_safe_moduli is changed
notify: reload sshd
notify: Reload sshd
- name: Remove DSA and ECDSA host keys
ansible.builtin.file: name=/etc/ssh/{{ item }} state=absent
ansible.builtin.file:
name: "/etc/ssh/{{ item }}"
state: absent
loop:
- ssh_host_dsa_key
- ssh_host_dsa_key.pub
- ssh_host_ecdsa_key
- ssh_host_ecdsa_key.pub
notify: reload sshd
notify: Reload sshd
# vim: set sw=2 ts=2:

View File

@@ -5,6 +5,7 @@
register: tarsnap_signing_key_stat
- name: Download tarsnap apt signing key
when: not tarsnap_signing_key_stat.stat.exists
ansible.builtin.get_url:
url: https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc
dest: /etc/apt/keyrings/tarsnap-deb-packaging-key.asc
@@ -12,9 +13,9 @@
group: root
mode: "0644"
register: download_tarsnap_signing_key
when: not tarsnap_signing_key_stat.stat.exists
- name: Add tarsnap.org repo
when: ansible_architecture != 'armv7l'
ansible.builtin.template:
src: tarsnap_sources.list.j2
dest: /etc/apt/sources.list.d/tarsnap.list
@@ -22,12 +23,11 @@
group: root
mode: "0644"
register: add_tarsnap_apt_repository
when: ansible_architecture != 'armv7l'
- name: Update apt cache
when: (download_tarsnap_signing_key.status_code is defined and download_tarsnap_signing_key.status_code == 200) or add_tarsnap_apt_repository is changed
ansible.builtin.apt: # noqa no-handler
update_cache: true
when: (download_tarsnap_signing_key.status_code is defined and download_tarsnap_signing_key.status_code == 200) or add_tarsnap_apt_repository is changed
- name: Install tarsnap
ansible.builtin.apt:

View File

@@ -0,0 +1,40 @@
{{ ansible_managed | comment }}
HostKey /etc/ssh/ssh_host_ed25519_key
# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear
# audit track of which key was using to log in.
LogLevel VERBOSE
MaxAuthTries 4
AuthorizedKeysFile .ssh/authorized_keys
# To disable tunneled clear text passwords, change to no here!
{% if ssh_password_authentication == 'disabled' %}
PasswordAuthentication no
{% else %}
PasswordAuthentication yes
{% endif %}
X11Forwarding no
# Based on the ssh-audit profile for Debian 13, but with but with all algos with
# less than 256 bits removed, as NSA's Suite B removed them years ago and the
# new (2018) CNSA suite is 256 bits and up.
#
# See: ssh-audit.py -P "Hardened Debian 13 (version 1)"
# See: https://en.wikipedia.org/wiki/Commercial_National_Security_Algorithm_Suite
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com
{% if ssh_allowed_users is defined and ssh_allowed_users %}
AllowUsers {{ ssh_allowed_users|join(" ") }} {{ provisioning_user.name }}
{% endif %}
PerSourcePenaltyExemptList {{ fail2ban_ignoreip | replace(" ", ",") }}
# Mask to use for IPv4 and IPv6 respectively when applying network penalties.
# The default is 32:128.
PerSourceNetBlockSize 24:56

View File

@@ -6,14 +6,14 @@ PartOf=nftables.service
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=read-only
{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('18','>=')) or (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11','>=')) %}
{% if ansible_distribution_version is version('11','>=') %}
ProtectSystem=strict
{% else %}
{# Older systemd versions don't have ProtectSystem=strict #}
ProtectSystem=full
{% endif %}
NoNewPrivileges=yes
{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version is version('18','>=')) or (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11','>=')) %}
{% if ansible_distribution_version is version('11','>=') %}
ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban
ReadWritePaths=-/var/log/fail2ban.log

View File

@@ -1,16 +1,6 @@
{% if ansible_distribution == 'Ubuntu' %}
{% set apt_mirror = apt_mirror | default("ubuntu.mirror.ac.ke") %}
deb http://{{ apt_mirror }}/ubuntu/ {{ ansible_distribution_release }} main restricted universe multiverse
deb http://{{ apt_mirror }}/ubuntu/ {{ ansible_distribution_release }}-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse
{% else %}
{% set apt_mirror = apt_mirror | default('deb.debian.org') %}
deb http://{{ apt_mirror }}/debian/ {{ ansible_distribution_release }} main contrib non-free
deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib non-free
deb http://{{ apt_mirror }}/debian/ {{ ansible_distribution_release }}-updates main contrib non-free
{% endif %} {# ansible_distribution #}

View File

@@ -1,143 +0,0 @@
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE
# Authentication:
#LoginGraceTime 2m
PermitRootLogin prohibit-password
#StrictModes yes
MaxAuthTries 4
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
{% if ssh_password_authentication == 'disabled' %}
PasswordAuthentication no
{% else %}
PasswordAuthentication yes
{% endif %}
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# Originally from: https://stribika.github.io/2015/01/04/secure-secure-shell.html
# ... but with ciphers and MACs with < 256 bits removed, as NSA's Suite B now
# does away with these! See: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
{% if ssh_allowed_users is defined and ssh_allowed_users %}
# Is there a list of allowed users?
# Is it populated? (An empty list is 'None', which evaluates as False in Python)
# merge the items of a list into one string using a space as a separator
# http://jinja.pocoo.org/docs/dev/templates/#join
AllowUsers {{ ssh_allowed_users|join(" ") }} {{ provisioning_user.name }}
{% endif %}

View File

@@ -1,100 +0,0 @@
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
# CIS Benchmark Adjustments
# See: https://github.com/alanorth/securekickstarts
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1
# TCP stuff
# See: http://fasterdata.es.net/host-tuning/linux/
# increase TCP max buffer size settable using setsockopt()
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# increase Linux autotuning TCP buffer limit
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# increase the length of the processor input queue
net.core.netdev_max_backlog = 30000
# recommended for hosts with jumbo frames enabled
#net.ipv4.tcp_mtu_probing=1
# increase quadruplets (src ip, src port, dest ip, dest port)
# see: http://vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html
net.ipv4.ip_local_port_range = 10240 65535
# recommended for web servers, especially if running SPDY
# see: http://www.chromium.org/spdy/spdy-best-practices
net.ipv4.tcp_slow_start_after_idle = 0

View File

@@ -1,5 +1,7 @@
---
- name: restart mariadb
ansible.builtin.systemd: name=mariadb state=restarted
ansible.builtin.systemd_service:
name: mariadb
state: restarted
# vim: set ts=2 sw=2:

View File

@@ -16,6 +16,7 @@
- mariadb
- name: Download MariaDB package signing key
when: not mariadb_signing_key_stat.stat.exists
ansible.builtin.get_url:
url: https://mariadb.org/mariadb_release_signing_key.asc
dest: /etc/apt/keyrings/mariadb_release_signing_key.asc
@@ -23,7 +24,6 @@
group: root
mode: "0644"
register: download_mariadb_signing_key
when: not mariadb_signing_key_stat.stat.exists
tags:
- packages
- mariadb
@@ -40,9 +40,9 @@
- mariadb
- name: Update apt cache
when: (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or add_mariadb_apt_repository is changed
ansible.builtin.apt: # noqa no-handler
update_cache: true
when: (download_mariadb_signing_key.status_code is defined and download_mariadb_signing_key.status_code == 200) or add_mariadb_apt_repository is changed
tags:
- packages
- mariadb
@@ -87,16 +87,17 @@
# See: https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html
- name: Create MariaDB database(s)
when: mariadb_databases is defined
community.mysql.mysql_db:
db: "{{ item.name }}"
state: present
encoding: utf8mb4
login_unix_socket: "{{ mariadb_login_unix_socket }}"
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb
- name: Create MariaDB user(s)
when: mariadb_databases is defined
community.mysql.mysql_user:
name: "{{ item.user }}"
password: "{{ item.pass }}"
@@ -105,7 +106,6 @@
state: present
login_unix_socket: "{{ mariadb_login_unix_socket }}"
loop: "{{ mariadb_databases }}"
when: mariadb_databases is defined
tags: mariadb
# vim: set ts=2 sw=2:

View File

@@ -1,4 +1,4 @@
---
# ansible.builtin.file: roles/munin/handlers/main.yml
- name: restart munin-node
ansible.builtin.systemd: name=munin-node state=restarted
ansible.builtin.systemd_service: name=munin-node state=restarted

View File

@@ -1,16 +1,22 @@
---
- name: Install munin-node
ansible.builtin.apt: name=munin-node state=present
ansible.builtin.apt:
name: munin-node
state: present
tags: packages
# some nice things to have for munin-node on Ubuntu
# libwww-perl: for munin's nginx_status check
- name: Install munin-node deps
ansible.builtin.apt: name=libwww-perl state=present
ansible.builtin.apt:
name: libwww-perl
state: present
tags: packages
- name: Create munin-node.conf
ansible.builtin.template: src=munin-node.conf.j2 dest=/etc/munin/munin-node.conf
ansible.builtin.template:
src: munin-node.conf.j2
dest: /etc/munin/munin-node.conf
notify:
- restart munin-node
@@ -20,6 +26,9 @@
- restart munin-node
- name: Start munin-node
ansible.builtin.systemd: name=munin-node state=started enabled=true
ansible.builtin.systemd_service:
name: munin-node
state: started
enabled: true
# vim: set ts=2 sw=2:

View File

@@ -1,9 +1,16 @@
---
- name: Install munin package
ansible.builtin.apt: name=munin state=present
ansible.builtin.apt:
name: munin
state: present
tags: packages
- name: Create munin configuration file
ansible.builtin.template: src=munin.conf.j2 dest=/etc/munin/munin.conf owner=root group=root mode=0644
ansible.builtin.template:
src: munin.conf.j2
dest: /etc/munin/munin.conf
owner: root
group: root
mode: "0644"
# vim: set ts=2 sw=2:

View File

@@ -1,5 +1,7 @@
---
- name: reload nginx
ansible.builtin.systemd: name=nginx state=reloaded
- name: Reload nginx
ansible.builtin.systemd_service:
name: nginx
state: reloaded
# vim: set ts=2 sw=2:

View File

@@ -1,7 +1,12 @@
---
# Use acme.sh instead of certbot because they only support installation via
# snap now.
- block:
- name: Install and configure Let's Encrypt
tags: letsencrypt
when:
- ansible_distribution == 'Debian'
- ansible_distribution_version is version('11', '>='))
block:
- name: Remove certbot
ansible.builtin.apt:
name: certbot
@@ -21,31 +26,31 @@
register: acme_home
- name: Download acme.sh
when: not acme_home.stat.exists
ansible.builtin.get_url:
url: https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
dest: "{{ letsencrypt_acme_script_temp }}"
mode: "0700"
register: acme_download
when: not acme_home.stat.exists
# Run the "install" for acme.sh so it creates the .acme.sh dir (currently I
# have to chdir to the /root directory where the script exists or else it
# fails. Ansible runs it, but the script can't find itself...).
- name: Install acme.sh
when: acme_download is changed
ansible.builtin.command:
cmd: "{{ letsencrypt_acme_script_temp }} --install --no-profile --no-cron"
creates: "{{ letsencrypt_acme_home }}/acme.sh"
chdir: /root
register: acme_install
when: acme_download is changed
- name: Remove temporary acme.sh script
ansible.builtin.file:
dest: "{{ letsencrypt_acme_script_temp }}"
state: absent
when:
- acme_install.rc is defined
- acme_install.rc == 0
ansible.builtin.file:
dest: "{{ letsencrypt_acme_script_temp }}"
state: absent
- name: Set default certificate authority for acme.sh
ansible.builtin.command:
@@ -77,14 +82,10 @@
# always issues daemon-reload just in case the service/timer changed
- name: Start and enable systemd timer to renew Let's Encrypt certs
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: renew-letsencrypt.timer
state: started
enabled: true
daemon_reload: true
when: (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_version
is version('11', '>='))
tags: letsencrypt
# vim: set ts=2 sw=2:

View File

@@ -33,9 +33,9 @@
- packages
- name: Update apt cache
when: (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or add_nginx_apt_repository is changed
ansible.builtin.apt: # noqa no-handler
update_cache: true
when: (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or add_nginx_apt_repository is changed
- name: Install nginx
ansible.builtin.apt:
@@ -54,7 +54,7 @@
owner: root
group: root
notify:
- reload nginx
- Reload nginx
tags: nginx
- name: Copy extra nginx configs
@@ -68,7 +68,7 @@
- extra-security.conf
- fastcgi_cache
notify:
- reload nginx
- Reload nginx
tags: nginx
- name: Remove default nginx vhost
@@ -87,13 +87,13 @@
tags: nginx
- name: Configure nginx virtual hosts
ansible.builtin.include_tasks: vhosts.yml
when: nginx_vhosts is defined
ansible.builtin.include_tasks: vhosts.yml
tags: nginx
- name: Configure WordPress
ansible.builtin.include_tasks: wordpress.yml
when: nginx_vhosts is defined
ansible.builtin.include_tasks: wordpress.yml
tags: wordpress
- name: Configure blank nginx vhost
@@ -104,7 +104,7 @@
owner: root
group: root
notify:
- reload nginx
- Reload nginx
tags: nginx
- name: Configure munin vhost
@@ -115,11 +115,11 @@
owner: root
group: root
notify:
- reload nginx
- Reload nginx
tags: nginx
- name: Start and enable nginx service
ansible.builtin.systemd:
ansible.builtin.systemd_service:
name: nginx
state: started
enabled: true

View File

@@ -1,16 +1,23 @@
---
- block:
- name: Configure https vhosts
tags: nginx
block:
- name: Configure https vhosts
ansible.builtin.template: src=vhost.conf.j2 dest={{ nginx_confd_path }}/{{ item.domain_name }}.conf mode=0644 owner=root group=root
ansible.builtin.template:
src: vhost.conf.j2
dest: "{{ nginx_confd_path }}/{{ item.domain_name }}.conf"
mode: "0644"
owner: root
group: root
loop: "{{ nginx_vhosts }}"
notify:
- reload nginx
- Reload nginx
- name: Generate self-signed TLS cert
ansible.builtin.command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key
-out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
notify:
- reload nginx
- Reload nginx
- name: Download 4096-bit RFC 7919 dhparams
ansible.builtin.get_url:
@@ -18,12 +25,16 @@
checksum: sha256:64852d6890ff9e62eecd1ee89c72af9af244dfef5b853bcedea3dfd7aade22b3
dest: "{{ nginx_ssl_dhparam }}"
notify:
- reload nginx
- Reload nginx
# TODO: this could break because we can override the document root in host vars
- name: Create vhost document roots
ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
ansible.builtin.file:
path: "{{ nginx_root_prefix }}/{{ item.domain_name }}"
state: directory
mode: "0755"
owner: nginx
group: nginx
loop: "{{ nginx_vhosts }}"
tags: nginx
# vim: set ts=2 sw=2:

View File

@@ -1,19 +1,29 @@
---
- block:
- name: Install and configure WordPress
tags: wordpress
block:
- name: Install WordPress
ansible.builtin.git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version
}} depth=1 force=true
when:
- item.has_wordpress is defined
- item.has_wordpress
ansible.builtin.git:
repo: https://github.com/WordPress/WordPress.git
dest: "{{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress"
version: "{{ item.wordpress_version }}"
depth: 1
force: true
loop: "{{ nginx_vhosts }}"
- name: Fix WordPress directory permissions
ansible.builtin.file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=true
when:
- item.has_wordpress is defined
- item.has_wordpress
ansible.builtin.file:
path: "{{ nginx_root_prefix }}/{{ item.domain_name }}"
state: directory
owner: nginx
group: nginx
recurse: true
loop: "{{ nginx_vhosts }}"
tags: wordpress
# vim: set ts=2 sw=2:

View File

@@ -1,19 +1,7 @@
{{ ansible_managed | comment }}
{% if ansible_distribution == 'Ubuntu' %}
{% if nginx_version == "stable" %}
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx
{% elif nginx_version == "mainline" %}
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/mainline/ubuntu/ {{ ansible_distribution_release }} nginx
{% endif %}
{% elif ansible_distribution == 'Debian' %}
{% if nginx_version == "stable" %}
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx
{% elif nginx_version == "mainline" %}
deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/mainline/debian/ {{ ansible_distribution_release }} nginx
{% endif %}
{% endif %}

View File

@@ -77,7 +77,7 @@ server {
# See: https://httpoxy.org/
fastcgi_param HTTP_PROXY "";
{% if ansible_distribution == 'Debian' and ansible_distribution_major_version is version('12', '==') %}
{% if ansible_distribution_major_version is version('12', '==') %}
fastcgi_pass unix:/run/php/php8.2-fpm-{{ domain_name }}.sock;
{% endif %}
fastcgi_index index.php;

View File

@@ -1,7 +1,7 @@
---
# For Debian 12
- name: reload php8.2-fpm
ansible.builtin.systemd:
- name: Reload php8.2-fpm
ansible.builtin.systemd_service:
name: php8.2-fpm
state: reloaded

View File

@@ -1,5 +1,8 @@
---
- block:
- name: Install and configure php-fpm
tags: php-fpm
when: install_php
block:
- name: Set php-fpm packages
ansible.builtin.set_fact:
php_fpm_packages:
@@ -26,13 +29,13 @@
mode: "0644"
loop: "{{ nginx_vhosts }}"
when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
notify: reload php8.2-fpm
notify: Reload php8.2-fpm
- name: Remove default www pool
ansible.builtin.file:
path: /etc/php/8.2/fpm/pool.d/www.conf
state: absent
notify: reload php8.2-fpm
notify: Reload php8.2-fpm
# re-configure php.ini
- name: Update php.ini
@@ -42,9 +45,6 @@
owner: root
group: root
mode: "0644"
notify: reload php8.2-fpm
tags: php-fpm
when: install_php
notify: Reload php8.2-fpm
# vim: set ts=2 sw=2:

View File

@@ -1,10 +0,0 @@
---
# sshd service name is `ssh` on Debian/Ubuntu, but it's
# `sshd` on CentOS
sshd_service_name: ssh
# provisioning user vars
provisioning_user: { name: 'provisioning', home: '/home/provisioning' }
# vim: set ts=2 sw=2:

View File

@@ -9,7 +9,7 @@
- { role: mariadb, when: mariadb_databases is defined}
- { role: nginx, when: webserver is defined and webserver == 'nginx' }
- { role: caddy, when: webserver is defined and webserver == 'caddy' }
- php-fpm
- php_fpm
- munin
vars_files:
- vars/ipsets.yml